Network Intrusions and Ransomware Attacks Catch Up With Phishing as Primary Breach Cause

Network intrusion occurrences have overtaken phishing as the major reason of healthcare data security problems, which has been the primary reason behind data breaches in the last 5 years.

In 2020, 58% of the security occurrences handled by BakerHostetler’s Digitial Assets and Data Management (DADM) Practice Group were network attacks, most frequently concerning the usage of ransomware.

This is the 7th successive year of publishing the BakerHostetler 2021 Data Security Incident Response (DSIR) Report. The report offers information regarding the present threat landscape and gives risk mitigation and breach response intelligence to assist companies to better protect against attacks and enhance their incident resolution. The report is based on the results of over 1,250 data security cases handled by the firm in 2020, which involved many attacks on healthcare institutions and their providers.

Ransomware attacks are today the perfect attack method for a lot of cybercriminal groups and have been shown to be very rewarding. By exfiltrating information before encryption, victims not just have to make payments to retrieve their files, but in addition to avoiding the publicity or vending of sensitive information. This new double extortion technique has really been very successful and data exfiltration before file encryption is currently expected. All through 2020, ransomware attacks continued to increase in occurrence and seriousness.

BakerHostetler states that the ransom payments required and the amount being paid went up significantly in 2020, just as the number of threat groups/ransomware variants employed in the attacks. There were just 15 in 2019; last year, the number had gone up to 75.

Of all the cases inspected and monitored by BakerHostetler in 2020, the biggest ransom payment was for above $65 million. In 2019, the greatest ransom demand reported was $18 million. Payments are frequently given to quicken recovery, make sure data retrieval, and to avoid the selling or exposure of information. In 2020, the biggest ransom paid was over $15 million – higher than only more than $5 million in 2019 – and the average ransom payment increased two times more from only $303,539 in 2019 to $797,620 in 2020.

In health care, the average preliminary and median ransom demand were $4,583,090 and $1.6 million, respectively. The average and median payments were $910,335 and $332,330, respectively. The average and median numbers of people impacted were 39,180 and 1,270, respectively. The average time to acceptable recovery of data was 4.1 days. The average and median price of the forensic investigation were $58,963 and $25,000, respectively.

Throughout all industry groups, 70% of ransom notes stated sensitive information was stolen and 90% of investigations discovered some proof of data exfiltration. 25% of cases led to data theft therefore, notifications were sent to affected persons. 20% of victims paid the attackers although they can get their data from backups.

Upon payment of ransoms, in 99% of cases, the transaction was done by a third party for the affected company, and in 98% of instances, a valid encryption key was given to enable data recovered. It required an average of 13 days from encryption to retrieval of data.

24% of all security occurrences were due to phishing. Phishing attacks usually caused Office 365 account control (21%), data theft (24%), ransomware attacks (26%), and network intrusion (33%).

2020 had a persistent spike in ransomware along with a growth in large supply chain matters, and more stretching of the capability of the incident response industry. Companies worked to rapidly control incidents – in spite of difficulties in merely having passwords altered and endpoint, detection and response tools implemented to remote employees.

It is more widespread now for breach victims to file legal action. The pattern for lawsuits being submitted when breaches affect less than 100,000 people continued to grow in 2020, which is escalating the cost of data breaches. HIPAA enforcement activity additionally kept on at higher levels, though in 2020 most of the financial penalties given were for HIPAA Right of Access violations, instead of fines associated with security breaches.