Holiday, Weekend Ransomware Attacks Pose Threats to Healthcare Cybersecurity

November 17, 2022 - Although security professionals may take holidays and weekends off, threat actors do not. New research from Cybereason found that holiday and weekend ransomware attacks resulted in greater revenue losses and lengthier recovery times for victim organizations.

Specifically, 34 percent of 1,200 surveyed cybersecurity professionals whose organizations had been hit by ransomware on a holiday or weekend said it took them longer than usual to assemble an incident response team.

Additionally, 34 percent of healthcare respondents said that it took their organizations longer to assess the attack scope, and 35 percent of healthcare respondents reported lengthier recovery times.

These results can be partially explained by staffing trends, the report suggested. In the US, about half of surveyed organizations said that they staffed at 50 percent or less capacity during weekends and holidays.

“The survey results highlight the fact that traditional Monday through Friday staffing models are out of step with cyber threats and leave companies vulnerable the rest of the week,” Cybereason stated.

“Attackers, of course, take advantage of the fact that companies’ human defenses aren’t nearly as robust during these off-peak times.”

In September 2021, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) urged organizations to remain vigilant following an uptick in observed holiday and weekend ransomware attacks.

Just before the US celebrated Thanksgiving in 2021, CISA released another advisory, urging critical infrastructure entities to remember that “malicious cyber actors aren’t making the same holiday plans as you.”

“Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure,” CISA continued.

At the time, CISA urged organizations to assess their security postures and ensure that IT security employees are on-call on weekends and holidays in the event of a cyberattack.

Of course, these challenges can be difficult to combat given the ongoing cybersecurity workforce shortage. Cybereason suggested that organizations look into bolstering their detection and response strategies and consider locking down privileged accounts on weekends and holidays.

“Ransomware actors tend to strike on holidays and weekends because they know companies’ human defenses often aren’t as robust at those times. It allows them to evade detection, do more damage, and steal more data as security teams scramble to mobilize a response,” Lior Div, co-founder and CEO of Cybereason, said in an accompanying press release.

“Cybereason found that risk assessment is slower, it takes companies longer to assemble the team to fight the initial attack, which leads to slower remediation and recovery times.”