In the first half of 2018, ransomware events in major healthcare data breaches diminished substantially compared to the same time period last year, as cyber attackers move on to more profitable activities, such as cryptojacking, according to a new report from cybersecurity firm Cryptonite.
In their healthcare cyber research report, Cryptonite researchers also credit this decline in ransomware events to healthcare organizations deploying best practice technologies to better protect and defend their networks.
The report is based on an analysis and review of data on cyberattacks impacting healthcare institutions across the United States between January 1, 2018 and June 30, 2018. The firm’s analysis and review of government data, internet sources and the direct experience of its security operations center (SOC) provide the baseline data for the analysis.
The report finds ransomware attacks actually reversed course in 2018 and trended lower in the first half of this year. While ransomware attacks rose in 2017, with an 89 percent increase in the frequency of reported attacks, these attacks as major IT/hacking data breach events impacting over 500 patient records dropped from 19 major data breaches in the first half of 2017 (the comparison period) to 8 major data breaches in the first half of 2018, marking a decrease of 57 percent.
Ransomware attacks reported as a percent of major IT/hacking data breach events impacting over 500 patient records dropped to 13.56 percent in the first six months of 2018, the report states. This metric peaked in the first half of 2017, at 30 percent, and has declined in the two subsequent periods, dropping to 22 percent in the second half of 2017.
The report authors credit this drop to healthcare organizations adding micro-segmentation to networks, as well as specialized software to address ransomware threats. In the largest hospitals, new Zero Trust technologies have been added to the existing mix of defense in depth technologies to expand and harden the defensive perimeters, the report states.
The report authors also note that this data appears to be consistent with other sources. Kaspersky Lab recently found that the total number of ransomware events decreased by approximately 30 percent from 2016-2017 to 2017-2018, the report notes. “The Kaspersky report notes that ransomware attackers are searching for more profitable activities such as cryptojacking. Per Kaspersky, they have found that ransomware is ‘rapidly vanishing,’ and that cryptocurrency mining is starting to take its place,” the Cryptonite report authors wrote.
“We do believe that ransomware still presents a formidable threat to healthcare and expect new variants, such as AI-based malware, to present very difficult challenges to healthcare institutions later in 2018 and into 2019,” the report authors wrote.
Based on the firm’s analysis, patient records (ePHI) breached in the first half of 2018 came in at 1,928,432, which is slightly higher than previous time periods. For context, 1,674,793 ePHI records were breached in the first six months of 2017 and 1,767,955 ePHI records were breached in the second half of 2017.
Overall, total healthcare major data breaches so far in 2018 came in at 59 events, and seem headed towards a projected total of between 120 and 150 total events by the end of the year. The report notes that this appears to be trending lower than previous years. If the first half of 2018 was annualized to 118 events, this would compare favorably to 2017 measured at 140 reported major IT/hacking events, the report states.
The positive trend in reduction of the use of ransomware is overshadowed by the continued high volume of major attacks, the report authors wrote.
In the report, the authors also offer recommendations to strengthen healthcare cyber defense. New best practice technologies, such as moving target cyber defense (MTD) and network micro-segmentation, can detect and defeat many of the attacks that leverage vulnerabilities found in most healthcare networks, the report authors wrote.
“A Zero Trust environment can be constructed by combining moving target cyber defense (MTD) and network micro-segmentation technologies. In summary, a Zero Trust environment allows healthcare networks to stop and defeat attackers, ransomware, and insider threats,” the report authors wrote.