“The tenth-most targeted industry, healthcare, accounted for 3 percent of all attacks on the top 10 industries, down from eighth position and 6 percent of attacks in 2018.
The preponderance of evidence suggests that financially motivated cybercriminals are the primary attackers against healthcare industry networks and medical devices, either aiming to steal and then sell medical records on the dark web, or to encrypt network-connected devices to disrupt activity and hold companies for ransom.
The disruption of hospital and nursing home networks has been able to pressure healthcare organizations to pay for ransomware attacks in order to restore their operations sooner and protect human lives. In some cases, the ransom is just too preposterous, like a $14 million demand that followed a 2019 Ryuk attack.
As we move into 2020, the healthcare sector will have to continue to evolve its security posture to protect data. In view of frequent ransomware attacks, hospitals must strengthen incident response capabilities, and look out for emerging attacks on insecure medical devices that could be exploited to lead to an easy compromise and pivoting by motivated attackers.
Notable threat actor groups targeting this sector included financially motivated cybercrime groups such as those operating the Ryuk ransomware. While ransomware attacks do highlight the crisis that could develop when hospitals are affected, we are not seeing a persistent nation-state interest in this sector.”
Reproduced from the IBM X-Force Incident Response and Intelligence Services (IRIS) 2020