The surge in cyber attacks on the healthcare sector were double the increase in cyber attacks on all other industries during the same time period, as researchers marked only a 22% increase in attacks on all other sectors outside of healthcare. The increase in attacks involves a range of attack vectors, including ransomware, botnets, remote code execution and DDoS attacks. Ransomware showed the largest increase and poses as the most significant malware threat to healthcare organizations, when compared to other industry sectors.
Cyber attacks by region
The surges in cyber attacks on healthcare organizations occurred mostly in Central Europe (+145%), followed by East Asia (+137%), Latin America (+112%), Europe (67%) and North America (37%). As for specific countries, Canada experienced the most dramatic increase with over a 250% uptick in attacks, followed by Germany with a 220% increase. Spain saw a doubling in ransomware attacks on its healthcare sector.
Omer Dembinsky, manager of data intelligence at Check Point said: "Cyber-attacks on the global healthcare sector are simply getting out of control. This is because targeting hospitals equates to fast money for cyber criminals. These criminals view hospitals as being more willing to meet their demands and actually pay ransoms. Hospitals are completely overwhelmed with rises in coronavirus patients and recent vaccine programs – so any interruption in hospital operations would be catastrophic.
“This past year, a number of hospital networks across the globe were successfully hit with ransomware attacks, making cyber criminals hungry for more. Furthermore, the usage of Ryuk ransomware emphasizes the trend of having more targeted and tailored ransomware attacks rather than using a massive spam campaign, which allows the attackers to make sure they hit the most critical parts of the organization and have a higher chance of getting their ransom paid.”
Security tips for healthcare organizations
1. Look for Trojans – Ransomware attacks don’t start with ransomware. Ryuk and other types of ransomware exploits usually start with an initial infection with a trojan. Often this trojan infection occurs days or weeks before the ransomware attack starts, so security professionals should look out for Trickbot, Emotet, Dridex and Cobalt Strike infections within their networks and remove them using threat hunting solutions – as these can all open the door for Ryuk.
2. Raise your guard on weekends and holidays – most Ransomware attacks over the past year have taken place over the weekends and during holidays when IT and security staff are less likely to be working.
3. Use anti-ransomware solutions – although ransomware attacks are sophisticated, Anti-Ransomware solutions with a remediation feature are effective tools which enable organizations to revert back to normal operations in just a few minutes if an infection takes place.
4. Educate employees about malicious emails – Training users on how to identify and avoid potential ransomware attacks is crucial. As many of the current cyber-attacks start with a targeted phishing email that does not even contain malware, just a socially-engineered message that encourages the user to click on a malicious link, or to supply specific details. User education to help identify these types of malicious emails is often considered one of the most important defenses an organization can deploy.
5. Patch virtually – the Federal recommendation is to patch old versions of software or systems, which could be impossible for hospitals as in many cases, systems cannot be patched. Therefore, we recommend using Intrusion Prevention System (IPS) with virtual patching capability to prevent attempts to exploit weaknesses in vulnerable systems or applications. An updated IPS helps your organization stay protected.