[BreachExchange] Healthcare organizations face rising ransomware attacks – and are paying up

Matthew Wheeler mwheeler at flashpoint-intel.com
Fri Jun 3 08:29:11 EDT 2022


https://www.theregister.com/2022/06/03/healthcare-ransomware-pay-sophos/

Healthcare organizations, already an attractive target for ransomware given
the highly sensitive data they hold, saw such attacks almost double between
2020 and 2021, according to a survey released this week by Sophos.

The outfit's team also found that while polled healthcare orgs are quite
likely to pay ransoms, they rarely get all of their data returned if they
do so. In addition, 78 percent of organizations are signing up for cyber
insurance in hopes of reducing their financial risks, and 97 percent of the
time the insurance company paid some or all of the ransomware-related costs.

However, while insurance companies pay out in almost every case and are
fueling an improvement in cyber defenses, healthcare organizations – as
with other industries – are finding it increasingly difficult to get
insured in the first place.

"The ransomware challenge facing organizations continues to grow," the
Sophos researchers wrote in the report.

"The proportion of healthcare organizations directly impacted by ransomware
has almost doubled in 12 months. In the face of this near-normalization,
healthcare organizations have gotten better at dealing with the aftermath
of an attack: virtually everyone now gets some encrypted data back and
nearly three quarters are able to use backups to restore data."

In addition, the increasingly tight cyber-insurance space "has driven
almost all healthcare organizations to make changes to their cyber defenses
to improve their cyber insurance position," they wrote.

Sophos interviewed 5,600 IT professionals from around the world, 381 of
which were in healthcare. The picture painted is of a healthcare industry
under growing attack by increasingly sophisticated ransomware, with
organizations more likely to pay the ransom – the ransoms paid on average
were the lowest compared with other sectors – while also improving their
defenses.

"Healthcare enterprises have traditionally been behind other sectors that
are heavily dependent on IT technologies," Garret Grajek, CEO of security
vendor YouAttest, told The Register in an email.

Meanwhile, the insurance and finance industries are also being targeted.
"The attackers target them because they have less-developed security
controls and are dependent on IT services for their business model."

The good news is that healthcare organizations are aware that they are
under attack. The majority of them have cyber insurance and are improving
their security practices, Grajek said, adding that "the chickens are on
alert that the fox is circling the hen house."

And the problem's only getting worse

Sophos's report comes the same week that FBI Director Christopher Wray, in
a speech at Boston College, said the US agency was able to thwart an
attempted ransomware attack on Boston Children's Hospital a year ago before
it was able to do any damage. Wray said Iranian government-supported threat
actors tried to hack into the hospital's network and used the incident –
which he called "one of the most despicable cyberattacks I've ever seen" –
to highlight the continuing cyber threats posed by governments from such
countries as Iran, China, Russia and North Korea.

It's also the same week that cybersecurity firm Zscaler released its 2022
ThreatLabz Ransomware report, which found that the healthcare industry saw
a 650 percent year-over-year increase in ransomware attacks – the largest
growth of any industry.

John Gunn, CEO of authentication security vendor Token, told The Register
in an email he isn't surprised to see healthcare as a top target of
ransomware attacks.

"This segment is the most regulated, has the greatest revenue and profits,
and the most to lose if they don't pay the ransomware demand, all things
that make them the most attractive target for hackers," Gunn argued. "What
is surprising is that more companies are not upgrading their access control
with better authentication. The front door is still where the majority of
hackers enter and it is the easiest to protect."

Sophos believes 66 percent of healthcare organizations were hit by
ransomware in 2021 – up from 34 percent the year before, representing a 94
percent increase. The researchers wrote that the rise demonstrates "that
adversaries have become considerably more capable at executing the most
significant attacks at scale. This likely also reflects the growing success
of the ransomware-as-a-service model, which significantly extends the reach
of ransomware by reducing the skill level required to create and deploy an
attack."

The share of attacks in which data was actually encrypted fell from 65
percent in 2020 to 61 percent last year, perhaps indicating healthcare
organizations are getting better at stopping data encryption during an
attack (the global average remains at 65 percent). The percentage of
healthcare companies hit by extortion-only attacks – where the threat of
public exposure of the data, not encryption, is the driver behind the
ransom demand – fell from seven percent to four percent.

Healthcare organizations also are getting better at recovering from an
attack, with 99 percent last year getting some encrypted data restored, up
from 93 percent in 2020. The industry proved particularly adept at using
multiple approaches to restoring their data, including backing up the data
(72 percent) and paying the ransom (61 percent, up from 34 percent in
2020), as well as 33 percent who said they used other means.

Paying the ransom – always dicey and frowned upon by lawmakers and
cybersecurity vendors – is no guarantee that all the data will be
decrypted. The average ransom was a relatively low $197,000, but those who
paid were only able to recover 65 percent of their data last year and only
two percent got all of their data back.

The increase in ransomware attacks is part of a broader threat environment
that is hitting healthcare more than any other sector, the researchers
wrote. It saw the highest jump in the number of cyber attacks (69 percent)
and the complexity of the attacks (67 percent), according to Sophos.

Rajiv Pimplaskar, CEO of virtual network company Dispersive Holdings, told
The Register in an email that the healthcare sector has been the industry
most impacted by data security breaches.

"As ransomware incidents are tightly correlated, this is a special cause
for alarm for healthcare leaders and CISOs," Pimplaskar said. "Exacerbating
the problem is the proliferation of medical IoT devices that are proving
invaluable for patient care and yet can pose unforeseen vulnerabilities and
attack vectors."