Ransomware Attacks on Healthcare Organizations Continue to Rise with Ryuk the Biggest Threat

Cyberattacks on healthcare organizations have continued to increase over the past two months, according to research conducted by cybersecurity firm Check Point, and ransomware is now the biggest malware threat.

In October, a joint security advisory was issued by the DHS’ Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warning the healthcare and public health sector of an increase in targeted ransomware attacks, specifically attacks involving Ryuk and Conti ransomware.

Over the following two months, cyberattacks on the healthcare and public health sector have continued to increase, with Check Point’s data indicating a 45% global increase in healthcare cyberattacks, compared to a 22% increase in attacks across all industry sectors. Globally, the average number of attacks on the healthcare industry increased from 430 a week in October to 628 a week in November and December.

Check Point reports increases in targeted ransomware, botnet, remote code execution, and DDoS attacks on the healthcare sector, with ransomware attacks seeing the biggest percentage increase in November and December. Ransomware is now the biggest malware threat to healthcare organizations, with Ryuk ransomware attacks the most prevalent variant, followed by Sodinokibi (REvil) ransomware.

Cyberattacks on healthcare organizations have increased globally. The biggest percentage increase was seen in Central Europe, where attacks increased by 145%, followed by East Asia with a 137% increase, Latin America with a 112% rise, and a 67% increase in Europe and 37% increase in North America. Canada saw the biggest percentage increase of any country with a 250% increase in attacks, followed by Germany with a 220% increase and a 100% rise in Spain.

Ransomware gangs are taking advantage of the COVID-19 pandemic and are targeting healthcare organizations which are currently under extreme pressure treating increased numbers of patients. Due to the damage caused by the attacks and the impact on patients, the attackers believe there is a greater chance of the ransom being paid.

With no sign of the attacks reducing, healthcare organizations should ensure they practice good cyber hygiene and step up network monitoring to detect attacks in progress, especially during holidays and weekends when attacks are more likely to occur.

Check Point also recommends searching for Trojan infections such as Emotet, TrickBot, Dridex and Cobalt Strike, which are often used to deliver Ryuk ransomware. Healthcare organizations should also ensure employees are trained how to identify phishing and social engineering attacks via email, as this is often how the ransomware gangs gain a foothold in healthcare networks.

Anti-ransomware solutions capable of quickly remediating attacks in progress should be implemented and patches should be applied promptly. Since many healthcare systems cannot easily be patched, Check Point recommends implementing an Intrusion Prevention System (IPS) with virtual patching capabilities to prevent the exploitation of weaknesses in vulnerable systems and applications.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news