Reports: Ransomware Attacks Rise as Healthcare Sector is Heaviest Hit

Nov 5, 2018

According to Beazley’s most recent Q3 Breach Insights Report, cybercriminal attacks are increasing once again and healthcare is the most targeted sector.

Ransomware attacks on healthcare groups comprised 37% of those managed by Beazley Breach Response (BBR) Services. This figure is over three times the number of attacks encountered by professional services, the second most targeted industry with 11%.

Other cybersecurity companies, including Kaspersky Lab, McAfee, and Malwarebytes, have all published reports in 2018 that indicate ransomware attacks are falling; however, Beazley’s figures show that monthly increases in attacks occurred in August and September, with double the number of attacks in September compared to August.

The report emphasises a noticeable trend in cyberattacks involving multiple malware variants. One of these involved the Emotet banking Trojan downloaded as the main payload with an additional payload of ransomware.

Emotet is used to steal bank credentials and can download additional malicious payloads. Once credentials have been captured, a ransomware payload is downloaded and deployed. This two-pronged strategy has been implemented by several threat groups. The ransom demands can be significant. One group asked for a $2.8 million ransom after an extensive infection that included the encryption of backups.

Beazley refers to research carried out by Kivu Consulting that indicates there has been a rise in the use of rough and ready ransomware variants that use strong encryption to lock files yet lack the functionality to allow the full decryption of data. In these attacks, files can stay locked even if a ransom is paid, or the encryption/decryption process can lead to file corruption and major data loss.

These cyberattacks show how important it is for groups to conduct constant backups and to test those backups to ensure that file recovery is possible. Healthcare groups should consider a 3-2-1 approach to backing up: create three backup copies, on at least two separate media, with one copy stored safely offsite.

It is not surprising that large groups are an attractive target for cybercriminals. Massive numbers of encrypted devices mean higher ransom demands can be requested. Large groups are also more likely to have funds available to pay high ransoms, although they also have more resources to dedicate to cybersecurity.

Cyberattacks on small to medium-sized companies are usually easier, and this is confirmed in Beazley’s figures. Out of the ransomware attacks that the BBR Services team has managed, 71% of victims were small to medium-sized companies.

The Breach Insights report shows that, unlike most industry sectors, accidental disclosures are the main type of data breach in the healthcare sector, making up 32% of all data breaches in Q3, closely followed by hacks/malware incidents at 30%. Beazley remarks that healthcare cyberattack incidents have grown from 20% to 30% this year. 17% of breaches were initiated by internal members of staff, 9% saw the loss of physical records, and 6% involved the loss of portable electronic computing equipment.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
