In 2019, healthcare organizations were the fourth most common target for ransomware attacks, according to a report released by Cylance, a BlackBerry company.
Healthcare made up 7% of attacks overall, after technology (28%), consumer goods (15%) and manufacturing (11%), but the sophistication of attacks is growing more complex.
A year prior, in 2018, Cylance said it saw a decline in overall ransomware attacks and an increase in malicious coin miners.
Malware attacks rose by 10% as attackers threatened Windows, macOS, and various IoT platforms. Coin miners offer profit-driven threat actors certain advantages over ransomware, which Cylance believes were leading factors in their increase in popularity.
Per the Cylance report, hackers operate quietly by hijacking system processing resources for mining cryptocurrencies like Bitcoin, often without alerting the victim. Then, hackers attempt to create alternative revenue streams for website owners. They do this by installing coin miners on victims’ browsers without consent.
Cylance says there remains “ample room for improvement” in technology and tactics to respond to ransomware. The average industry ransomware response was 25 days in 2018.
Cybersecurity remains a challenge for healthcare. There are several reasons for this. Most notably, healthcare is a complex being, featuring older computer systems, third-party devices, and scads of vendors.
Because of the factors and obstacles, healthcare organizations often prioritize patient care over cybersecurity. Additionally, efforts to move to a digital environment and converting patient information to electronic health records (EHRs) are further straining healthcare budgets.
Data buried in EHRs is worth a lot, too, often containing date and place of birth, Social Security number (SSN), credit card information, and physical and email addresses. On the black market, an SSN might be worth anywhere from a few cents to a dollar, a credit card number could bring up to a hundred dollars, but an EHR could go for up to $1,000.
Proof of healthcare’s magnetic attraction to hackers is shown in the numbers from 2019. Data breaches were projected to cost healthcare $4 billion by the end of the year. Ninety percent of hospital representatives have gone so far as to report that their IT security budgets have remained level since 2016. Cybersecurity has increased to about 6% of the total annual IT spend for calendar year 2020.
At the same time, according to reports, 84% of hospitals were operating without a dedicated security executive.
In 2017, the Doctors Company found even a small attack can cost health IT departments about $5,000. A more significant attack, requiring the expertise of 20 or more people to clean it up, can cost upwards of $100,000.
The Cylance 2019 Threat Report shows the trends observed and insights gained from the previous year that Cylance's consulting team, research team, and customers encountered over the past year.