Healthcare Accounts for 79% of All Reported Breaches, Attacks Rise 45%

Reports show a 45 percent spike in attacks against healthcare providers since November, as the sector accounted for 79 percent of all reported data breaches in 2020.

By Jessica Davis

Cyberattacks against healthcare entities rose 45 percent since November, while the sector continues to be the most impacted overall and accounted for 79 percent of all reported data breaches during the first 10 months of 2020, according to reports from Check Point and Fortified Health Security.

Check Point’s research provides a much-needed look at the biggest threats currently facing the sector. Shortly after the federal agency alert on the imminent ransomware threat facing healthcare providers, researchers observed a 45 percent increase in attacks -- more than double the amount seen in other industries.

The threats include botnets, remote code execution, and DDoS attacks, with ransomware attacks seeing the biggest increase. Check Point stressed that the malware is the biggest threat facing healthcare providers.

The number of weekly attacks on healthcare reached an average of 626 per organization in November, compared to 430 each week in October. In North America, attacks against the sector rose 37 percent overall.

Ryuk continues to be the most commonly used ransomware variant in these attacks, followed by Sodinokibi. Ryuk was first discovered in the wild in 2018 and commonly targets the healthcare sector given that many hackers believe hospitals are more likely to pay ransom demands.

“The attacks against hospitals and healthcare organizations using the Ryuk variant are specifically tailored and targeted,” Check Point researchers wrote. “As the world’s attention continues to focus on dealing with the pandemic, cybercriminals will also continue to use and try to exploit that focus for their own illegal purposes.”

“It is essential that both organizations and individuals maintain good cyber-hygiene to protect themselves against Covid-related online crime,” they added.

In total, more than 500 healthcare organizations reported a breach of more than 500 patient records to the Department of Health and Human Services through the first 10 months of the year. Fortified predicts that number will surpass 550 once all breaches are reported to HHS.

During that time, the number of reported incidents increased 18 percent compared to the same time period in 2019. To Fortified, the amounts correlate to the chaos caused by COVID-19, as a host of reports showed hackers steadily worked to take advantage of the pandemic for financial gain.

Hacking and IT incidents remained the biggest cause of healthcare data breaches, accounting for 69 percent of reported incidents -- an 8 percent increase from 2019. The second leading cause was unauthorized access, which caused 20 percent of all breaches.

Network server cyberattacks are also on the rise, increasing 35 percent from January to October 2020, according to Fortified. In comparison, those attacks increased just 23 percent during the same period in 2019.

Email continues to be the most common attack vector leveraged in attacks on healthcare providers, despite the prevalence of ransomware.

The report also showed a significant uptick in breaches tied to business associates, which was directly tied to the massive Blackbaud ransomware incident that continues to have a rippling effect across the sector.

“If cybersecurity wasn’t on the radar of healthcare C-suite executives before the FBI’s late October warning of an ‘imminent’ threat to hospitals, it certainly is now,” Fortified Health CEO Dan Dodson wrote. “Couple that with ransomware continuously dominating headlines, highlighting how health systems have been brought to their knees as a result of outages impacting their ability to deliver care, and we may finally have the attention of our constituents.”

“The seemingly ever-increasing amount of cybercrime directed toward the nation’s hospitals serves as a wake-up call that the healthcare industry has desperately needed,” he added.

In response, healthcare entities should monitor networks for signs of trojan infections, which typically occur prior to ransomware attacks. Check Point researchers reminded organizations that ransomware attacks rarely begin with a ransomware infection.

Administrators should look for Trickbot, Emotet, Dridex, and Cobalt Strike infections and remove them using threat hunting solutions, especially as these variants are commonly tied to Ryuk.

Further, entities should be on guard during the weekend and holidays, which are the most common attack timeframes (when fewer staff members are working). Check Point also recommended the implementation of anti-ransomware solutions and routine training for employees on malicious emails and common phishing tactics.

Check Point also recommended the use of virtual patching, which can prevent attempts to exploit weaknesses in vulnerable systems or applications.

Entities should also be sure to update, monitor, and test the integrity of the enterprise network and connected systems, including systems, software, and endpoint security tools, Fortified added.

“Beyond day-to-day security tasks, monitor and identify threats to your organization and environment,” Fortified researchers wrote. “Based on those threats, develop plans to mitigate or remediate them. This can be accomplished by assessing your current security technologies to ensure they are fully operationalized and reviewing the processes and policies these technologies support.”

“Identify tools, processes, and policies needed to mitigate any gaps identified, and update and rehearse your incident response plan,” they added. “Taking a hard look at identity and access management controls to include enabling multi-factor authentication on externally exposed services is key to reducing an organization’s threat surface area.”