Ransomware Surge Drives 45% Increase in Healthcare Cyber-Attacks

Cyber-attacks on global healthcare organizations (HCOs) increased at more than double the rate of those targeting other sectors over the past two months, according to Check Point.

The security vendor’s latest data covers the period from the beginning of November to the end of 2020, and compares it with the previous two months (September-October), a spokesperson confirmed to Infosecurity.

It revealed a 45% increase in attacks on the healthcare sector, versus less than half this figure (22%) for all other verticals. November was particularly bad, with HCOs suffering 626 weekly attacks on average per organization, compared with 430 in the previous two months.

Although the attacks span a variety of categories — including ransomware, botnets, remote code execution and DDoS — perhaps unsurprisingly, it is ransomware that displayed the largest increase overall and poses the biggest threat to HCOs, according to Check Point.

Ryuk and Sodinokibi (REvil) were highlighted as the main culprits.

In fact, financially motivated cyber-criminals have been going after the healthcare sector since the start of the COVID-19 crisis, well aware that hospitals and clinics are distracted with the huge surge in cases coming through their doors.

Microsoft revealed in April how these groups are increasingly using APT-style tactics to gain a foothold in networks, perform lateral movement and credential theft, and exfiltrate data before deploying their ransomware payload.

Central Europe experienced the biggest rise in cyber-attacks on its HCOs during the period (145%), followed by East Asia (137%) and Latin America (112%).

Europe recorded a 67% increase, although Spain saw attacks double and Germany recorded a 220% surge. Although North America (37%) saw the smallest rise regionally, Canada experienced the biggest increase of any country, at 250%.

“This past year, a number of hospital networks across the globe were successfully hit with ransomware attacks, making cyber criminals hungry for more,” explained Check Point manager of data intelligence, Omer Dembinsky.

“Furthermore, the usage of Ryuk ransomware emphasizes the trend of having more targeted and tailored ransomware attacks rather than using a massive spam campaign. This allows the attackers to make sure they hit the most critical parts of the organization and have a higher chance of getting their ransom paid.”

Check Point urged organizations to look for the presence of Trickbot, Emotet, Dridex and Cobalt Strike, as these often presage ransomware, and to be on their guard on weekends, when attackers often strike.

Virtual patching, employee education and anti-ransomware solutions are also crucial tools in the CISO’s armory, it added.

What’s Hot on Infosecurity Magazine?