Most research I’ve read lately suggests that the rate of healthcare cyberattacks is at an all-time high, and that ransomware is leading the parade.
But is that really true? Maybe not. A new security report has concluded that the rate of ransomware attacks on healthcare organizations actually fell during the first half of this year, and what’s more, that such attacks trended lower during the same period.
The study, which comes from security firm CryptoniteNXT, notes that cybercriminals target healthcare because they can fetch great prices for the data by reselling it on the dark web. Also, given the complexity of healthcare networks and the high number of vulnerabilities in those networks, thieves see providers as a fat and easy target.
However, when it comes to ransomware, the landscape may be changing. CryptoniteNXT found that the number of ransomware attacks impacting over 500 patient records dropped from 19 major data breaches in the first half of 2017 to 8 major breaches in the first half of 2018. That’s an impressive 57% decrease.
The biggest reported records IT/hacker-driven breach hit LifeBridge Health, affecting 538,127 individuals. Other organizations targeted included academic medical centers, medical practices, ambulatory surgical centers, health plans and government agencies.
Meanwhile, the rate of ransomware attacks as a percentage of IT/hacking events has fallen substantially, from 30.16% during the first half of 2017 to 13.6% during the first half of this year.
On the other hand, the volume of patients affected has climbed. Roughly 1.9 million patient records were breached in the first half of this year, compared with 1.7 million records the first half of 2017 and 1.8 million records the second half of that year, it concludes.
Also, the report notes that ransomware attackers are far from done with the industry. The authors say that ransomware will still pose a “formidable threat” to healthcare organizations and that new variants such as AI-based malware will pose a major threat to healthcare organizations for the next couple of years.
To fend off hacking attacks, CryptoniteNXT recommends adopting new best practices such as moving target cyber defense and network micro-segmentation, which can address the inherent weakness of TCP/IP networks.