The lack of proper security technologies in place is largely to blame for the massive increase in ransomware attacks in Q4 of 2019 as compared to the same time the previous year.
The Healthcare industry continues to be a target for cyberattacks. According to security vendor BlackBerry Cylance, Healthcare is the number 4 industry targeted for ransomware attacks. This data is corroborated by the latest numbers from insurer Corvus, which has released its Security Report on the state of Healthcare cybersecurity. According to the report, ransomware has risen consistently in 2019 over 2018, with a projection for Q1 of 2020 to be literally 12 times higher than the same quarter last year.
The most at-risk subset of Healthcare is Medical Groups, which are generally smaller than a hospital but larger and more complex than an individual practitioner’s office. According to the report, this group has an attack surface that is 66% larger than a hospital, and 25% larger than a small practice.
The largest factor contributing to this large attack surface, and to the resulting increase in ransomware attacks, seems to be a distinct lack of focus on security in Healthcare. According to the report, 86% of healthcare organizations have no email scanning and filtering, which means malicious email content is most definitely making its way down to the Inbox and the User.
Healthcare organizations need to consider leveraging tools like email scanning and filtering to help disrupt email-based phishing campaigns (whether intent on infecting with ransomware, malware, remote access trojans, or any other form). Additionally, continual Security Awareness Training would empower users with the knowledge of how to identify suspicious and/or malicious email and web content before falling victim to sophisticated attacks that use effective social engineering tactics.
Ransomware isn’t going away anytime soon, so it’s imperative that Healthcare organizations put security measures in place now to protect against all forms of cyberattack, including ransomware.