According to Check Point Research (CPR): on average, 1 in 29 healthcare organizations in the United States were impacted by ransomware over the past four weeks. Healthcare is currently the #1 most impacted industry by ransomware. In fact, in 2022, the healthcare industry experienced a 78% year-on-year increase in cyberattacks, with an average of 1,426 attempted breaches per week per organization.

Ransomware attacks can be especially disruptive to healthcare organizations, as evidenced by the recent attack against Prospect Medical Holdings (PMH), which forced them to close emergency rooms across the country. Ambulances were re-routed and elective surgeries rescheduled — potentially putting lives at risk.

In regards to PMH, there has been some speculation about which group might be behind these attacks. CPR researchers investigated and found evidence that it’s Rhysida, a ransomware group that emerged in May 2023.

Interestingly, while responding to a recent Rhysida ransomware case against an educational institution, the Check Point Incident Response Team (CPIRT) and CPR observed a set of unique techniques, tactics and tools that are similar to the tactics from another ransomware group called Vice Society. Vice Society is perhaps most recently known for their ransomware attack against the Los Angeles Unified School District. Both Rhysida and Vice Society have focused their efforts on the healthcare and education sectors. For a technical overview of their similarities, visit the CPR blog.

Why do cyber criminals target healthcare?
Cyber criminals target healthcare because it is essential, has a large threat surface and it contains a lot of sensitive medical data. Additionally, healthcare organizations rely on a blend of new and old technologies, many of which are not properly managed or updated. The rise of the Internet of Things has only complicated matters as more devices find their ways into the healthcare workflow, without being built securely by design.

According to Cindi Carter, Global CISO in the Office of the CTO at Check Point, “Recent ransomware attacks against healthcare providers have emphasized that cyber security is essential to patient care and safety. Above all measures, healthcare organizations should take a preventative approach to their cyber security practices, much in the same way that the five rights of medication ensure patient safety: the right, patient, the right drug, the right dose, the right route of administration, the right time.”

To learn more about protecting hospitals and medical clinics from cyberattacks, please visit: https://www.checkpoint.com/industry/healthcare/

 

 

You may also like