FBI IC3: Healthcare Sector Faced Most Ransomware Attacks Last Year

March 24, 2022 - Of all critical infrastructure sectors, the healthcare sector faced the most ransomware attacks in 2021, the Federal Bureau of Investigation’s (FBI) 2021 Internet Crime Report revealed. The FBI’s Internet Crime Complaint Center (IC3) also observed a 7 percent increase in total internet crime complaints in 2021 compared to 2020.  

Phishing scams, non-payment or non-delivery scams, and personal data breaches were the most reported cybercrimes in 2021, the report continued. The victims tracked by the IC3 in 2021 lost over $6.9 billion in total, thanks to a multitude of cyber threats. Many of those cyber threats hid in plain sight, disguising themselves as legitimate investment opportunities, tech support, and real estate prospects.

The IC3 received 148 complaints of healthcare ransomware attacks. The next-highest number came from the finance sector, with just 89 complaints.

“Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased ransomware threat to organizations globally,” the report noted.

“Although cyber criminals use a variety of techniques to infect victims with ransomware, phishing emails, Remote Desktop Protocol (RDP) exploitation, and exploitation of software vulnerabilities remained the top three initial infection vectors for ransomware incidents reported to the IC3.”

Many of 2021’s healthcare ransomware attacks can be attributed to Conti ransomware group, which victimized the most critical infrastructure entities in 2021 according to the IC3’s complaint submissions. Conti successfully attacked at least 16 US healthcare organizations and first responder networks over the past year.

In May 2021, IC3 released a flash alert warning organizations of Conti. At the time, Conti had already claimed more than 400 victim organizations. In September, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) released an advisory in September 2021, warning organizations of Conti’s capabilities.

In March 2022, CISA and the FBI re-released their September advisory to include new Conti indicators of compromise. Considering Conti’s significant presence in the cyber threat landscape and its tendency to target healthcare organizations, it is unsurprising that healthcare saw the most ransomware attacks in 2021.

Behind Conti, LockBit 2.0 and REvil/Sodinokibi victimized the most US critical infrastructure entities last year.

“Of all critical infrastructure sectors reportedly victimized by ransomware in 2021, the Healthcare and Public Health, Financial Services, and Information Technology sectors were the most frequent victims,” the FBI reiterated.

“The IC3 anticipates an increase in critical infrastructure victimization in 2022.”

The IC3’s expected uptick makes sense considering the rising number of complaints and monetary losses in recent years. In 2017, the IC3 received 301,580 complaints and losses of $1.4 billion. In 2021, the IC3 observed 847,376 complaints and recorded $6.9 billion in losses. These numbers have been steadily climbing over the last five years.

Although ransomware poses a significant threat, phishing attacks, business email compromise (BEC), and cryptocurrency scams grew in popularity last year. COVID-19 prompted a rise in remote work, which allowed fraudsters to deploy more sophisticated attacks.

As trends continue to move in the wrong direction, healthcare organizations should remain vigilant against all types of cyber threats.