Report: Healthcare Accounted for 45% of All Ransomware Attacks in 2017

Feb. 22, 2018
Healthcare fell victim to more ransomware attacks than any other industry in 2017, according to a new report from global cybersecurity insurance company Beazley.

Healthcare fell victim to more ransomware attacks than any other industry in 2017, according to a new report from global cybersecurity insurance company Beazley.

The report, which looked at more than 2,600 data incidents in 2017, spanning several industries, noted that ransomware remained a constant threat in 2017, including two notable worldwide attacks—WannaCry and NotPetya (though as the report clarified, the NotPetya malware was suspected to be the result of Russia weaponizing an existing version of ransomware for what appears to have been an attack on Ukraine’s infrastructure).

As such, the report found that 45 percent of all ransomware attacks studied in 2017 were in the healthcare sector. The next highest industry for volume of ransomware attacks were financial (12 percent) and professional services (12 percent). Overall, the rise of ransomware attacks across all industries continues to be a significant concern; the report revealed an 18-percent increase in ransomware incidents in 2017.

What’s more, of the more than 2,600 breach incidents studied, hacks or malware accounted for 36 percent of them; followed by accidental disclosure at 28 percent; and then insider and social engineering, both accounting for 10 percent.

Further regarding healthcare, the report noted that the Department of HHS for the Office Civil Rights (OCR) heightened its activity in 2017 with nine resolution agreements enforced against healthcare organizations and higher post-breach monetary payments than imposed previously. The average settlement amount that a breached organization agreed to pay increased significantly in 2016, although the total amount of breach penalty money did decline from 2016 to 2017. As the report stated, “OCR has more resources at its disposal and far less patience for HIPAA non-compliance.”

Katherine Keefe, global head of BBR Services said in a statement, “Criminals are intent on stealing data or extorting cash and their methods are becoming more sophisticated by the day. Wherever weaknesses exist—in systems, processes or simple human fallibility—every organization regardless of sector and size is vulnerable.”

Sponsored Recommendations

Improving Workplace Safety and Patient Care in Behavioral Health

In 2023, Vail Health enhanced safety in their behavioral health clinic, but the impact went beyond their expectations. Read their case study to see how prioritizing workplace ...

Transforming Hospital Capacity Through Smarter Patient Progression Strategies

Helping patients move seamlessly through every stage of their care, from admission to discharge, is critical to ensuring patient safety, improving outcomes, and optimizing capacity...

Beyond the AI Buzz: How Clinicians Can Leverage AI for Value-Based Success

Watch on-demand to explore the impact of implementing AI in primary care settings to reduce burnout and thrive in value-based care. Including practical takeaways on driving clinician...

Building the Connected Hospital: Bridging Operational Gaps Through Technology

Join industry leaders to explore how advanced technologies like RFID, AI, EMR, and ERP systems are transforming hospitals into connected ecosystems that enhance efficiency, streamline...