Victims lose millions to healthcare related eCrime

Victim losses from healthcare related eCrime in the U.S. rose by 2,473 percent during 2020 as the COVID-19 pandemic swept through the nation and world, CrowdStrike reveals.

Healthcare eCrime describes a scheme attempting to defraud private or government healthcare programs, affecting healthcare providers, companies, or individuals.  

Healthcare eCrime tactics

Tactics often include offers for fake insurance cards, health insurance marketplace assistance, stolen health information, or various other scams involving medications, supplements, weight loss products, or diversion/pill mill practices.  

Criminals usually target victims through spam email, online advertisements, links in forums or on social media, and fraudulent websites. 

According to analysis of the latest data released by the FBI’s Internet Crime Complaint Center (IC3), of the $4.2 billion lost to eCrime in the U.S. in 2020, nearly $30 million of victim losses resulted from healthcare cybercrime. This figure is up over 2,000 percent compared to 2019 levels when total victim losses totaled $1,128,838.

Ranked in second place for highest percentage increase between 2019 and 2020 are eCrimes involving malware, scareware or viruses, with victim losses up 244 percent. It’s estimated victims lost $6,904,054 last year to this type of eCrime, up from $2,009,119 in 2019 before the pandemic reached U.S. shores. 

Ransomware victim losses saw the third largest percentage increase in 2020 – up 225 percent from 2019 levels. Ransomware can take many forms, but they all have one thing in common — they demand a ransom in exchange for restored access to a system or files. Overall, victims in the U.S. lost $29,157,405 in 2020. 

Healthcare a key target to ransomware attacks

Recent research revealed the COVID-19 pandemic has caused a surge in ransomware attacks, specifically those using data extortion techniques. And healthcare has become a key target. In fact, the healthcare sector ranks in the top five most targeted by ransomware data extortion last year.  

The sector reported 97 incidents, up 580 percent compared to pre-pandemic times (Q1 2020) despite certain Big Game Hunters – threat actors who target bigger, more secure targets for larger ransoms – such as TWISTED SPIDER claiming they would refrain from infecting medical organizations until the pandemic had stabilized.

In the words of the FBI’s Deputy Director, “In 2020, while the American public was focused on protecting our families from a global pandemic and helping others in need, cybercriminals took advantage of an opportunity to profit from our dependence on technology to go on an internet crime spree.” 

eCrime exploiting the pandemic

This refocusing of activity is correlated with the emergence of scams exploiting the COVID-19 pandemic and people’s struggles or good nature. The IC3 received over 28,500 COVID-19 related complaints from both businesses and individuals in 2020 and 791,790 complaints for all types of eCrime – up from 467,361 in 2019.  

In the past five years (2016-2020), victim losses from eCrime in the U.S. totaled over $13.3 billion and losses have grown each year since 2017. These findings are concerning for individuals, businesses, law enforcement agencies and governments alike.