Cybersecurity News

Open Ports, Phishing Key Targets in Healthcare Ransomware Attacks

Corvus finds ransomware attacks on healthcare have persisted at the same levels seen during the last quarter of 2019, with hackers primarily exploiting open ports and phishing to gain footholds.

healthcare ransomware attacks open ports phishing attack endpoint security

By Jessica Davis

- The rate of ransomware attacks reached its highest levels in 2019, with the first quarter of 2020 expected to surpass those numbers across all sectors, according to Corvus. And on healthcare entities, hackers are leveraging two key vectors: phishing emails and open ports, where the organization’s IT infrastructure connects to the internet.

However, despite its overall attack surface, the successful, reported ransomware incidents on healthcare entities remained flat amid the COVID-19 pandemic.

The findings uphold earlier Emsisoft research that showed the success of ransomware has declined during the crisis but will likely spur a resurgence in the near future.

The data science team at Corvus analyzed reported ransomware attacks over time to determine overall trends. Due to variances in reporting standards, researchers stressed that the report only represents a sample of the true number of attacks.

According to Corvus, the flattened rate of ransomware attacks on healthcare entities followed a steady increase in attacks during the last quarter of 2019. Indeed, the healthcare sector faced several massive ransomware incidents on third-party vendors, as well as a host of hospitals that were forced into downtime following ransomware infections.

In fact, earlier Corvus data showed ransomware attacks on healthcare entities rose 350 percent during Q4 2019. And researchers expect that the number of incidents on healthcare will only be slightly greater than what was reported during Q4 2019.

Overall, the data projected that ransomware attacks across all sectors will hit nearly 250 incidents, compared to 150 reported ransomware incidents during the last quarter of 2019.

“Attacks on healthcare entities have always been a big part of the overall ransomware picture,” researchers explained. “A recent rise in attacks on healthcare entities follows the general trend in ransomware. But while overall attacks rose in Q1, within healthcare they remained flat.”

“Could the claims by several ransomware groups that they would avoid attacks on health care during the COVID-19 pandemic be reflected here? Future reports will tell,” they added.

When it comes ransomware attacks on open ports, researchers explained that healthcare entities typically appear to have a smaller attack surface. However, open ports provide a method for hackers to exploit. Healthcare organizations that fail to manage these potentially vulnerable endpoints will find it difficult to monitor and defend these endpoints.

Further, organizations open themselves to greater risk by failing to secure these endpoints. Corvus found vulnerable remote desktop protocols increase an organization’s likelihood of a successful ransomware attack by 37 percent.

Earlier Coveware research adds further concern: RDP credentials can be purchased on the dark web for just $20 and “combined with cheap ransomware kits, the costs to carry out attacks on machines with open RDP were too economically lucrative for criminals to resist.”

Further, as hackers have continued to pummel the healthcare sector with COVID-19-related phishing attacks, entities have failed to keep pace with the threats. In fact, 75 percent of hospitals fail to employ email scanning and filtering tools, Corvus reported. And those numbers are even higher than the average rates. Across all healthcare entities, 86 percent do not use these tools, although its use reduces the likelihood of a successful ransomware attack by 33 percent, according to the report.

“This metric has barely budged since COVID-19 outbreak began. This is despite the fact that phishing exploits have increased and present a risk to healthcare organizations,” researchers explained. “Overall, health care organizations are average, or better than average, when it comes to defending against two key attack vectors.”

This isn’t surprising given the regulatory environment and the sensitivity of their data. However, attackers are not deterred by a challenge,” they continued. “More important is the return on investment, and with a rich set of patient data (both PII and PHI), hospitals and other care facilities are a valuable target for data breaches.”

As a result, healthcare organizations need to employ an “adversarial approach to defense,” researchers explained. Given the attack surfaces of hospitals, the need for defense-in-depth strategies will prove crucial. Entities should review recent ransomware guidance from the Office for Civil Rights to improve best practices around this critical threat.