Healthcare breaches involving ransomware increase year-over-year

2017 has been a very challenging year for healthcare institutions as these organizations remain under sustained attack by cybercriminals that continue to target their networks.

End of year research conducted by Cryptonite indicates that there were a total of 140 data breach events characterized and reported to HHS/OCR as IT/hacking in 2017 representing a 23.89% increase over the 113 IT/hacking events reported in 2016.

The number of reported major IT/hacking events attributed to ransomware by healthcare institutions increased by 89% from 2016 to 2017. This was an increase from 19 reported events in 2016 to a total of 36 events in 2017. In 2017 ransomware events represented 25% of all events reported to HHS/OCR and attributed to IT/hacking. All 6 of the 6 largest IT/hacking healthcare events reported in 2017 were attributed to ransomware.

There were 3,442,748 records reported compromised in 2017, a substantial decrease from 13,425,263 reported compromised in 2016 as cyberattackers diversified their attacks against a broader mix of healthcare entities. In past years, cyber criminals invested considerable time and effort in targeting the largest healthcare institutions as evidenced by the 2015 events impacting Anthem (78.8 million records), Premera Blue Cross (11 million records) and by the 2016 events impacting Banner Health (3.6 million records) and Newkirk Products (3.4 million records). This low hanging fruit has to some extent, been harvested and attackers are now increasingly turning their attention to the broader mix of health care entities.

The emergence and refinement of advanced ransomware tools lowers both the cost and the time for cyberattackers to target smaller healthcare institutions – now they can cost effectively reach physician practices, surgical centers, diagnostic laboratories, MRI/CT scan centers and many other smaller yet critical healthcare institutions. This is the beginning of a trend that will increase very substantially in 2018 and 2019.

Internet of Things (IoT) devices in healthcare also represent new and expanding opportunities for cyberattackers. “Cyberattackers target healthcare networks primarily for two primary reasons – to steal the medical records they contain or to extort ransom payments. Medical records are the targets of choice, as this data is highly prized to support identity theft and financial fraud,” said Michael Simon, President & CEO of Cryptonite. “While 2017 was the year of ransomware, we are anticipating this already hard hit sector will feel the wrath of cyber criminals targeting the hundreds of thousands of IoT devices already deployed in healthcare. IoT devices are now ubiquitous in health care – they are already present in intensive care facilities, operating rooms and patient care networks.”