Since the beginning of the global pandemic in 2020, organizations in the healthcare and healthcare-related sectors have found themselves in the sights of cybercrime operations. In 2020, 560 healthcare facilities were affected by ransomware attacks in 80 separate incidents. Opportunistic cybercriminals have taken advantage of the already epic stress on the entire healthcare ecosystem to deploy ransomware, conduct account takeovers, and steal huge amounts of personally identifying information (PII) and protected health information (PHI). That sent many hospitals reeling, creating all sorts of negative impacts in their communities.
In a September 2021 report, The Impact of Ransomware on Healthcare During COVID-19 and Beyond, researchers at the Ponemon Institute explored the impact of increased cybercrime during the global pandemic and the impact that cyberattacks including ransomware and third-party incidents had on patient-focused healthcare facilities around the world. Without ransomware in the mix, healthcare facilities reported that they’d seen a sharp increase in cyberattacks since March 2020.
Increase in Types of Cyberattacks on Healthcare Targets Since March 2020
- Credential Theft 60%
- Compromised/Stolen Devices 55%
- Account Takeover 43%
- Denial of Service (DDoS) 32%
- Malicious Insider 30%
- Advanced Malware/Zero-Day Attacks 29%
- Web-Based Attack 23%
- Cross-Site Scripting 21%
- General Malware 19%
- SQL Injection 18%
Healthcare data was a hot commodity during the pandemic. It is still highly desirable in the booming dark web data markets. The majority of respondents (60%) admitted that their HDOs had experienced a data breach in the past two years. On average, each breach incident exposed 28,505 records and cost an average of $837,750. In September 2020 alone, cybercriminals stole 9.7 million medical records. Cybercriminals were well aware that any data relating to COVID-19 treatments, outcomes, research, or vaccine development was worth its weight in gold and they did not hesitate to snatch data from any healthcare-related target that they could infiltrate.
Causes of Breach in Healthcare Organizations
- Attack on a Cloud Application 23%
- Employee Phishing Attack 21%
- Attack on an On-Premises Application 19%
- Attack on an IOT Device 12%
- API Attack 10%
- Attack on a Medical Device 9%
- Other 2%
- Unsure 4%
Pharma and Healthcare Were Ravaged by Ransomware
Ransomware ran rampant throughout 2020 and 2021, and no sector was more beleaguered than healthcare. Facilities researching COVID-19, particularly facilities involved in vaccine development, were especially at risk as cybercriminals sought to profit handsomely from stolen research data. Ransomware attacks were responsible for almost 50% of all healthcare data breaches in 2020. Just one week before the first vaccine announcements hit the press, cybercriminals were still at it, nailing Pfizer, Indian giant Dr. Reddy’s (Russia’s Sputnik Vaccine partner, and the Taiwan research arm of Japanese drugmaker Shionogi & Company Limited all in the same week. Microsoft identified the cybercriminals responsible as nation-state actors, Strontium, an actor originating from Russia, and two actors originating from North Korea that they referred to as Zinc and Cerium. Ransomware is the preferred weapon of nation-state threat actors.
Of the 597 health delivery organizations (HDOs) analyzed in this survey, 42% had faced at least two ransomware attacks during the study term. One factor that has contributed to that boom is increased specialization among healthcare facilities and clinics as well as a push to outsource functions to lower operating costs, leaving healthcare targets particularly susceptible to third-party risk. Increased dependence on third-party service providers was named as a major source of ransomware threats by more than one-third (36%) of the survey respondents.
Healthcare Orgs Aren’t Ready for Trouble and They Know It
However, the increase in ransomware danger for healthcare targets isn’t news to those who deal with healthcare IT. Over half of the HDOs that researchers analyzed weren’t feeling good about their prospects when it came to fighting off a ransomware attack before the pandemic hit, and they’re even less confident now that they’re navigating a pandemic-induced cybercrime inundation. Before COVID-19, 55% of respondents say they were not confident they could mitigate the risks of ransomware. In the age of COVID-19, 61% of respondents are not confident or have no confidence that they’re ready to fend off a ransomware attack.
Just like every other business sector, healthcare targets also fell prey to more ransomware attacks in 2020 and 2021. Overall, 43% of the study respondents said that their HDOs experienced a ransomware attack in the last two years, sometimes more than one. Of the healthcare entities in the survey who experienced a ransomware attack, 67% said that their HDO was struck by one ransomware attack, and an unfortunate 33% of respondents said that their organizations had been hit with two or more ransomware attacks since March 2020.
Ransomware is Very Bad News for Patients Too
Ransomware attacks can impact a wide range of functions and operations at a healthcare facility. patient safety, data, and overall care availability. Survey respondents attributed negative impacts on patient outcomes and medical complications to ransomware incidents at their facilities. Respondents report that ransomware attacks had a significant impact on patient care, including a longer length of stay for patients, delays in procedures and tests, increases in patient transfers or facility diversions, and an increase in complications from medical procedures and perhaps the most troubling, mortality rates.
What Impact Does Ransomware Have on Patient Care?
- Longer length of stay 71%
- Delays in procedures and tests that result in poor outcomes 70%
- Increase in patients transferred or diverted to other facilities 65%
- Increase in complications from medical procedures 63%
- An increase in mortality rate 23%
Ransomware Costs Patients Their Lives
In IBM’s analysis of the impact that ransomware has on patient care, analysts cited two examples of patient mortality that are related to the complications of ransomware attacks on medical facilities.
In September 2020, for instance, German authorities looked into the death of a woman following a ransomware attack against a hospital. The patient died after being diverted to another hospital located more than 30 km (18 miles) away from her intended destination, University Hospital Duesseldorf. The facility was dealing with a DoppelPaymer ransomware attack that prevented it from receiving her.
In October, a woman in Alabama filed a lawsuit alleging a hospital had not informed her that a ransomware attack had disabled its computers. The lawsuit asserted that hospital personnel had given reduced care to her baby. The baby was born with a severe brain injury and later died. Attackers after money or health care data ended up with something far worse.
Source: IBM, Security Intelligence, Hospital Ransomware Attacks Go Beyond Health Care Data
