Healthcare fell victim to more ransomware attacks than any other industry in 2017, according to a new report from global cybersecurity insurance company Beazley.
The report, which looked at more than 2,600 data incidents in 2017, spanning several industries, noted that ransomware remained a constant threat in 2017, including two notable worldwide attacks—WannaCry and NotPetya (though as the report clarified, the NotPetya malware was suspected to be the result of Russia weaponizing an existing version of ransomware for what appears to have been an attack on Ukraine’s infrastructure).
As such, the report found that 45 percent of all ransomware attacks studied in 2017 were in the healthcare sector. The next highest industry for volume of ransomware attacks were financial (12 percent) and professional services (12 percent). Overall, the rise of ransomware attacks across all industries continues to be a significant concern; the report revealed an 18-percent increase in ransomware incidents in 2017.
What’s more, of the more than 2,600 breach incidents studied, hacks or malware accounted for 36 percent of them; followed by accidental disclosure at 28 percent; and then insider and social engineering, both accounting for 10 percent.
Further regarding healthcare, the report noted that the Department of HHS for the Office Civil Rights (OCR) heightened its activity in 2017 with nine resolution agreements enforced against healthcare organizations and higher post-breach monetary payments than imposed previously. The average settlement amount that a breached organization agreed to pay increased significantly in 2016, although the total amount of breach penalty money did decline from 2016 to 2017. As the report stated, “OCR has more resources at its disposal and far less patience for HIPAA non-compliance.”
Katherine Keefe, global head of BBR Services said in a statement, “Criminals are intent on stealing data or extorting cash and their methods are becoming more sophisticated by the day. Wherever weaknesses exist—in systems, processes or simple human fallibility—every organization regardless of sector and size is vulnerable.”
