Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Attacks on Healthcare Organizations Rise by 45% Since November

January 6, 2021

Cybersecurity firm Check Point reported in its January 5 blog post that in the two months since November 1, 2020, there has been an increase of over 45% in the number of attacks against healthcare organizations globally, compared to an average 22% increase in attacks against other industry sectors.

Attacks involving ransomware, botnets, remote code execution and DDoS all increased, with ransomware attacks showing the biggest spike when compared to other industry sectors.

The ransomware variant most utilized in attacks is Ryuk, followed by Sodinokibi.

Why are attacks spiking now? It's all about the money. The criminals want a lot of it and fast. To date, the attacks have reaped vast sums, so the healthcare industry has painted a bullseye on its collective forehead.

Hospitals in particular are under tremendous pressure because of the rapid rise in coronavirus cases and are willing to pay the ransom so they can continue to function and not lose lives – or be subject to lawsuits.

Unlike common ransomware attacks, which are distributed via massive spam campaigns and exploit kits, the attacks against hospitals and healthcare organizations using the Ryuk variant are specifically tailored and targeted.

What can you do to defend against these attacks?

Check Point suggests you look for trojan infections, because ransomware attacks do not start with ransomware. Ryuk and other ransomware attacks usually begin with an initial trojan infection, which often occurs days or weeks before the ransomware attack starts. Security professionals should therefore watch for Trickbot, Emotet, Dridex and Cobalt Strike infections within their networks and remove them using threat hunting products, as these can all give Ryuk an opening.

Most ransomware attacks over the past year have taken place over weekends and during holidays, when IT and security staff are unlikely to be around. Make sure alerts are routed to someone on call 24/7/365.

Anti-ransomware solutions with a remediation feature are good tools that allow organizations to revert to normal operations in a matter of minutes.

Employee education is critical so that employees recognize phishing emails, targeted social engineering emails seeking information, etc.

While this story is all about healthcare organizations, its lessons should be a warning beacon for law firms and legal organizations as well. Anecdotally, we've seen the same uptick in attacks on legal entities – with increasingly higher ransom price tags.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.