Healthcare sector faces 130 ransomware attacks in 90 days: CYFIRMA

SINGAPORE, SINGAPORE — Healthcare organizations worldwide are under siege by ransomware gangs, with 130 confirmed attacks in just three months—making the sector the sixth most-targeted industry globally.
A new report by cybersecurity firm CYFIRMA reveals that U.S.-based for-profit healthcare providers bear the brunt of these attacks, accounting for 54% of incidents.
Ransomware gangs are actively targeting healthcare
Among the ransomware groups, Qilin was the most active, with 24 identified victims, while groups like Everest and BianLian directed over 50% of their attacks at healthcare centers.
The trend suggests that healthcare is a lucrative and vulnerable target for cybercriminals, who are likely to demand ransom payments from victims eager to regain access to essential systems.
Geographically, the United States was hit hardest, with 70 victims, ahead of Australia, Canada, the U.K., and Italy. The threat, however, is international, with victims spread across 33 countries.
Although the overall number of ransomware cases decreased slightly compared to the previous quarter, healthcare still accounts for 8.1% of all recorded ransomware victims.
Healthcare’s low APT risk doesn’t mean safety
Most Advanced Persistent Threat (APT) groups are state-sponsored, and they do not target healthcare because it has little strategic significance; financially motivated attackers are occupying the space instead.
No APTs targeting healthcare have been detected by CYFIRMA during the past 90 days, as nation-state hackers tend to prioritize other sectors, such as defense and energy.
However, the threat of ransomware is constant, and the volume of underground-forum conversations about the industry puts healthcare in eighth place in discussions among cybercriminals.
Although the number of mentions of data breaches decreased by 17%, interest remained high, as evidenced by the continued mentions of ransomware. Vulnerability classes such as Remote Code Execution (RCE) and injection were among the most prevalent, owing to weaknesses in electronic health records (EHRs) and in outdated medical device software.
This implies that although healthcare may not be a high-value APT target, its defenses are still ineffective against opportunistic ransomware attackers.
Addressing healthcare’s cybersecurity gap through outsourcing
The susceptibility of healthcare to ransomware demands proactive measures; one approach is to outsource cybersecurity to address the shortfalls. Third-party vendors bring the latest technology, threat intelligence, and compliance skills to safeguard sensitive patient information.
This approach not only helps avoid the risk of a breach but also guarantees strict adherence to rules, including the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR).
As the majority of healthcare agencies have limited experience in fending off cyberattacks, outsourcing healthcare cybersecurity services may become a defining step toward keeping attacks from disrupting the patient treatment process.