Cyber attacks on healthcare sector top hacker trends: report

Check Point has published its 2021 Security Report. Each year, the company shows how cyber criminals exploited the previous year to target industry sectors across the globe. Among the primary highlights of this year’s report is the fast-growing trend of cyber attacks on hospitals and healthcare organizations.

Escalation in Cyber Attacks on Hospitals

Healthcare places near the top of industries most targeted by hackers. The chart below demonstrates the increase in attack rate per healthcare organization throughout 2020 and the beginning of 2021. The attack rate increased by roughly 37 per cent.

The graph above also shows a steep rise in cyber attacks on healthcare organizations beginning in September and October of 2020. Recent Check Point Research from October showed that healthcare is currently the most targeted industry in the US, with a 71 per cent increase in attacks compared to September. Towards the end of October, the US CISA, FBI, and HHS released a warning about an increase in Ryuk ransomware attacks on U.S. hospitals. In November and December 2020, there was an increase of over 45 per cent in the amount of cyber attacks targeting healthcare organizations globally – double the global increase of attacks seen in the same time period across all industry sectors, which was 22 per cent.

Double-extortion Ransomware Attacks Rose in 2020

One of the most prolific cyber threats hospitals and healthcare organizations face is ransomware. Behind ransomware is the hacker technique of what is known as “double-extortion”. Here, a cybercriminal launches a multi-stage ransomware attack, combining the traditional encryption of the victim’s files with exfiltration of data.  The attacker then threatens to release the breached data publicly unless the ransom payment is paid within the designated timeframe.

This puts additional pressure on victims to meet the attackers’ demands, as well as exposing the victim to penalties from data watchdogs, and the need to alert affected patients and partners whose data was breached. Research shows that in Q3 2020, nearly half of all ransomware incidents involved the threat of releasing data stolen from the target organization. On average, a new organization becomes a victim of ransomware every 10 seconds worldwide.

Why Hospitals? Why Now?

According to Lotem Finkelsteen, Head of Threat Intelligence at Check Point: “It’s no secret that coronavirus has changed the way we live, but many don’t fully see how the virus changed hacker behavior. The influx of coronavirus patients has completely inundated hospitals. Hackers see this and have clearly showed growing interest throughout 2020, and they are actively trying to take advantage. Hackers are further motivated by the wide vaccine distribution programs taking place at healthcare centers. We expect hackers to not stop targeting hospitals, as their exploits have provided to be lucrative at times. Hospitals should educate their staff on the risks of malicious emails, as it can usually take just one sketchy email to take down an entire hospital’s network.”

Other Key Trends in the Report

• Cloud adoption races ahead of security:  2020 saw organizations’ digital transformation programs advance by over five years in response to the pandemic, but public cloud security is still a major concern for 75 poer cent of enterprises. Also, over 80% of enterprises found their existing security tools don’t work at all or have only limited functions in the cloud, showing that cloud security problems will continue into 2021.
• Remote working is targeted:  hackers ramped up ‘thread hijacking’ attacks on remote workers to steal data or infiltrate networks using the Emotet and Qbot trojans, which impacted 24 per cent of organizations globally. Attacks against remote access systems such as RDP and VPN also increased sharply.
• Mobiles are moving targets:  46 per cent of organizations had at least one employee download a malicious mobile application, which threatens their networks and data in 2020.  The increased use of mobiles during global lockdowns has also driven growth in banking and information-stealing mobile Trojans.