Ransomware, botnets, remote code execution and DDoS incidents increased 45% between Oct and Dec last year.

Cyberattacks on healthcare organizations have continued unabated since October last year, when the Ryuk ransomware was unleashed in a majority of cases.

Since then, there has been a further 45% increase in attacks—more than double the overall increase in cyberattacks across all industry sectors worldwide seen during the same time.

The rise in attacks involves a range of vectors, including ransomware, botnets, remote code execution and DDoS attacks, according to Check Point. However, ransomware showed the largest increase and is currently the biggest malware threat to healthcare organizations.

Such are particularly damaging because any disruption to their systems could affect their ability to deliver care, and could endanger lives, especially considering the strain on resources due to recurring waves of COVID-19 infections worldwide.

This is precisely why criminals are specifically and callously targeting the healthcare sector: because they believe hospitals are more likely to meet their ransom demands.

Healthcare cybersecurity overview

Since the 1 Nov 2020 there has been an increase of over 45% in the number of attacks seen against healthcare organizations globally, compared to an average of 22% increase in attacks against other industry sectors.

  • According to Check Point data, the average number of weekly attacks in the healthcare sector reached 626 per organization in November, compared with 430 in October.
  • Attacks involving ransomware, botnets, remote code execution and DDoS all increased in November, with ransomware attacks showing the biggest spike when compared to other industry sectors.
  • The main ransomware variant used in attacks has been Ryuk, followed by Sodinokibi.
  • Central Europe topped the list of regions impacted by the spike in attacks against healthcare organizations, with a 145% increase in November, followed by East Asia, which suffered a 137% increase; and Latin America with a 112% increase.  Europe and North America saw 67% and 37% increases in cyberattacks, respectively.
  • Canada experienced the most dramatic increase with over a 250% uptick in attacks, followed by Germany with a 220% increase. Spain saw a doubling in attacks.
Increase of attacks, per healthcare organization, per region

Why are attacks spiking now?

Check Point researchers believe the major motivation for these attacks is financial. Attackers are looking for large amounts of money, and fast. It seems that these attacks had paid off very well in 2020, and this success has made them hungry for more.

The increased likelihood of hospitals to pay up the ransom is also a factor due to the unabated resurgence of infections.

It is also important to note that unlike common ransomware attacks, which are widely distributed via massive spam campaigns and exploit kits, the attacks against hospitals and healthcare organizations using the Ryuk variant are specifically tailored and targeted. 

Finally, the valuable intellectual property, research data and confidential patient data of this industry Medical services and research organizations make them even more attractive to nation state actors and cybercriminals alike.

On the periphery of the healthcare sector, the use of contact tracing apps and devices is also a fertile hunting ground for confidential data. As the world’s attention continues to focus on dealing with the pandemic, cybercriminals will also continue to use and try to exploit that focus for their own illegal purposes.