Report: Healthcare Accounted for 45% of All Ransomware Attacks in 2017

Feb. 22, 2018
Healthcare fell victim to more ransomware attacks than any other industry in 2017, according to a new report from global cybersecurity insurance company Beazley.

Healthcare fell victim to more ransomware attacks than any other industry in 2017, according to a new report from global cybersecurity insurance company Beazley.

The report, which looked at more than 2,600 data incidents in 2017, spanning several industries, noted that ransomware remained a constant threat in 2017, including two notable worldwide attacks—WannaCry and NotPetya (though as the report clarified, the NotPetya malware was suspected to be the result of Russia weaponizing an existing version of ransomware for what appears to have been an attack on Ukraine’s infrastructure).

As such, the report found that 45 percent of all ransomware attacks studied in 2017 were in the healthcare sector. The next highest industry for volume of ransomware attacks were financial (12 percent) and professional services (12 percent). Overall, the rise of ransomware attacks across all industries continues to be a significant concern; the report revealed an 18-percent increase in ransomware incidents in 2017.

What’s more, of the more than 2,600 breach incidents studied, hacks or malware accounted for 36 percent of them; followed by accidental disclosure at 28 percent; and then insider and social engineering, both accounting for 10 percent.

Further regarding healthcare, the report noted that the Department of HHS for the Office Civil Rights (OCR) heightened its activity in 2017 with nine resolution agreements enforced against healthcare organizations and higher post-breach monetary payments than imposed previously. The average settlement amount that a breached organization agreed to pay increased significantly in 2016, although the total amount of breach penalty money did decline from 2016 to 2017. As the report stated, “OCR has more resources at its disposal and far less patience for HIPAA non-compliance.”

Katherine Keefe, global head of BBR Services said in a statement, “Criminals are intent on stealing data or extorting cash and their methods are becoming more sophisticated by the day. Wherever weaknesses exist—in systems, processes or simple human fallibility—every organization regardless of sector and size is vulnerable.”

Sponsored Recommendations

Clinical Evaluation: An AI Assistant for Primary Care

The AAFP's clinical evaluation offers a detailed analysis of how an innovative AI solution can help relieve physicians' administrative burden and aid them in improving health ...

From Chaos to Clarity: How AI Is Making Sense of Clinical Documentation

From Chaos to Clarity dives deep into how AI Is making sense of disorganized patient data and turning it into evidence-based diagnosis suggestions that physicians can trust, leading...

Bridging the Health Plan/Provider Gap: Data-Driven Collaboration for a Value-Based Future

Download the findings report to understand the current perspective of provider and health plan leaders’ shift to value-based care—with a focus on the gaps holding them back and...

Exploring the future of healthcare with Advanced Practice Providers

Discover how Advanced Practice Providers are transforming healthcare: boosting efficiency, cutting wait times and enhancing patient care through strategic integration and digital...