Cybercriminals’ preferred big-game hunting tactic in 2021 is to hit health care organizations with breaches and ransomware. Bad actors, especially ransomware groups, admit that health care professionals are a soft target and that they are the most eager to pay ransoms. There is another motivation as well: personal health information (PHI) is the most profitable data to sell on the dark web.
Ransomware is currently the most concerning type of cybercrime. According to research firm IDC, the average ransom payment was approximately $15,000 two years ago and is now about $250,000 (although that figure is distorted by certain huge multiple-million-dollar payouts from businesses such as Colonial and JBS).
When recruiting ransomware gangs for affiliate schemes, cybercriminals frequently highlight the simple cash benefit of breaking into health care organizations. Recruited ransomware affiliates receive 80% of the ransom they set and remit 20% to the sponsoring cybercriminal group. As a result, health care’s cybersecurity flaws have become a selling point for ransomware affiliate recruiting networks.
According to the newly published Ponemon Research Report, “The Impact of Ransomware on Healthcare During COVID-19 and Beyond,” 67% of health care-delivery companies have been victims of ransomware attacks, with 33% having been struck twice or more. Cybercriminals are well-versed in attacking endpoints or using phishing to obtain privileged access credentials and then move laterally across networks.
According to a briefing issued earlier this year by the United States Department of Health and Human Services (HHS) Cybersecurity Program, health care is the top targeted industry for data breaches. According to the HHS Breach Portal, a valuable online reference for all health care-related breaches and ransomware attempts, there were 472 health care-related incidents impacting 35.3 million patients between January and October of this year.
The top nine breaches alone affected 17 million patients, demonstrating hackers’ predilection for large-scale attacks that yield millions of PHI records at once. One-third of these health care attacks began with an email, and 52% began with an exploit of a network-edge vulnerability. According to a recent IDC poll, the average ransomware payment over the last 12 months has been $250,000.
Health care chief information security officers (CISOs) interviewed said their boards of directors are boosting cybersecurity expenditure by at least 15% in 2022, with one saying it may grow by up to 35%. To slow down phishing and social engineering attempts, CISOs and their CIO colleagues are emphasizing zero-trust network access (ZTNA), unified endpoint management (UEM), and training. According to Ericom’s first annual Zero Trust Market Dynamics Survey, 80 percent of businesses want to adopt zero-trust security over the next 12 months, and 83 percent believe zero trust is strategically important for their business.
Zero trust is a strategic endeavor that eliminates the idea of trust from an organization’s network architecture, thereby reducing the likelihood of successful data breaches. The goal of zero trust is not to make a system trustworthy, but rather to eliminate trust.
The findings of Ericom’s survey are consistent with conversations and interviews VentureBeat has had with leading health care provider CIOs and CISOs, who say one of their most difficult challenges is securing the many new remote endpoints that now regularly connect to on-premises network infrastructures.
The pandemic has been a bonanza for hackers as companies deploy new endpoints across old on-premises network infrastructures, frequently with little or no endpoint protection in place. Interestingly, one CISO stated that unsecured endpoints are not the most hazardous or the ones she is most concerned about: it’s the ones that have too much conflicting software or aren’t self-healing.
According to Absolute Software’s 2021 Endpoint-Risk Report, the average endpoint device has 11.7 clients installed. For more information on endpoint vulnerabilities, see the VB article “Endpoint security is a double-edged sword; Protected systems can still be hacked.” Given the success of self-healing endpoints in businesses, health care CISOs told VentureBeat last week that their plans for 2022 include trials of self-healing endpoints.