A recent report from Corvus reveals a 350% increase in ransomware attacks on healthcare organizations in Q4 of 2019. There is no indication that the attacks will diminish in 2020. Several attacks have already been reported in 2020 by NRC Health, Pediatric Physician’s Organization at Children’s, Jordan Health, and the BST & Co. accounting company, which impacted the Community Care Physicians medical group.
To determine ransomware trends in healthcare, Corvus’s Data Science group analyzed ransomware attacks on healthcare providers from Q1 of 2017. From Q1 of 2017 to Q2 of 2019, healthcare organizations reported an average of 2.1 ransomware attacks per quarter. Healthcare organizations reported 7 attacks in Q3 of 2019 and 9 attacks in Q4 of 2019. Corvus found that U.S. healthcare organizations reported over two dozen ransomware attacks in 2019 and forecasts that at least 12 ransomware attacks will be reported in Q1 of 2020.
Other cybersecurity companies reported similar information showing an increase in healthcare-related ransomware attacks in the latter half of the year. Emsisoft’s report indicated that 764 U.S. healthcare providers were affected by ransomware attacks in 2019.
The Corvus report reveals that healthcare organizations have a smaller attack surface than the web average, which makes it less difficult to protect against attacks. Nevertheless, attacks remain successful, indicating that healthcare organizations are having difficulty blocking the main attack vectors cybercriminals use to deliver their ransomware payloads.
The two primary ways threat actors gain access to healthcare networks and install ransomware are email and Remote Desktop Protocol (RDP). Threat actors look for healthcare organizations with exposed RDP ports and use brute force to guess the passwords. Corvus determined that with an open RDP port, ransomware attacks potentially increase by 37%. Healthcare providers had 9 open ports on average, with the fewest in hospitals and the most in medical groups.
The primary attack vector was email, which was employed in most ransomware attacks on healthcare providers. 91% of ransomware attacks were due to phishing attacks.
Email security solutions can scan emails, email attachments and hyperlinks to detect and block email-based threats, but 75% of hospitals have not used such tools. Only 14% of healthcare providers implemented email scanning and filtering tools.
Corvus’s study indicates that if healthcare organizations used email scanning and filtering tools, ransomware attacks could possibly decrease by 33%. The risk could be further reduced by giving employees regular security awareness training so they can recognize phishing emails and malware attacks. Email authentication procedures must also be enforced. If email credentials are compromised, 2-factor authentication could stop the use of stolen credentials to access internal resources.