Healthcare organizations continue to be a prime target for cyberattacks of all kinds, with ransomware incidents, Ryuk in particular, being more prevalent.
Things went from bad to worse in this sector starting November when attacks increased significantly against the hospital and related organizations all over the world.
Year end ransomware spikes
In a joint report at the end of October, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warned of an imminent cybercrime threat to hospitals and healthcare providers.
The advisory aimed to prepare organizations for ransomware attacks with Ryuk and Conti by providing tactics, techniques, and procedures (TTPs) specific to incidents with these malware strains
From November 1, 2020, cybersecurity company Check Point observed a 45% increase in attacks hitting healthcare organizations around the globe. The spike is more than twice the amount of incidents seen in all other industry sectors during the same period.
“The increase in attacks involves a range of attack vectors, including ransomware, botnets, remote code execution and DDoS attacks. However, ransomware shows the largest increase and is also the biggest malware threat to healthcare organizations when compared to other industry sectors” – Check Point
Targeting entities in the healthcare sector with ransomware is deliberate. Taking down their systems could harm patients’ health. The pressure of the pandemic only makes things worse, so the threat actor is more likely to elicit payment.
According to Check Point, the main ransomware threats used in attacks against healthcare entities are Ryuk followed by REvil (Sodinokibi).
Ryuk ransomware operators saw the pandemic as a too-good-to-miss opportunity to inflate their profits, so they focused on medical services more than other targets.
As per data collected by Check Point, most cyberattacks over the past two months hit healthcare organizations in Central Europe, spiking to almost 150% in November.
In East Asia, the attacks increased by 137%, and in Latin America, the growth was 112%. While the numbers are still significant for Europe and North America, attacks against medical entities in these regions recorded the least increment, 67%, and 37%, respectively.
However, Canada saw the largest number of cyberattacks since November 2020, experiencing a 250% uptick during the observed period. The next two countries are Germany (220% increase) and Spain (100% increase).
With the number of COVID-19 infections on the rise, cyberattacks are likely to keep hitting healthcare organizations. Keeping systems updated with the latest patches, a good cyber hygiene, monitoring the network for unauthorized access, and educating employees to spot phishing attempts are good ways to protect against attacks from most threat actors.