All through 2020, the healthcare sector provided health care to patients battling with COVID-19, at the same time, it had to manage growing numbers of cyberattacks because cybercriminals increased their activities.
Lately, VMware Carbon Black carried out a retrospective evaluation of the status of healthcare cybersecurity in 2020 that showed the degree to which the healthcare sector was attacked by cybercriminals, how attacks succeeded, and what must be done by healthcare companies to avoid cyberattacks this 2021.
VMware Carbon Black examined information from attacks on its healthcare clients in 2020 and discovered 239.4 million cyberattack attempts in 2020, which translates to 816 cyberattack attempts per endpoint on average. That shows an increase of 9,851% from 2019.
With the pandemic, cyberattacks on healthcare companies increased. From January to February 2020, cyberattacks on healthcare clients were 51% higher and continued to go up all through the year, the peak was from September to October when attacks had an 87% month-over-month increase. The big surge in attacks happened in the fall because of greater ransomware activity as the Ryuk ransomware gang particularly increased attacks on the healthcare community.
Attacks were done to get access to healthcare information for identity theft and fraudulence. Stolen information was sold on darknet marketplaces, however, the greatest threat was from ransomware. The effect of ransomware was mainly assisted by affiliates. A lot of ransomware groups offer ransomware-as-a-service (RaaS), so ransomware deployment is easily accessible to many cybercriminals who formerly had no resources to execute the attacks. The huge potential rewards for doing attacks have attracted a lot of people into ransomware distribution. Cybercriminals are additionally hiring insiders that could give them access to networks in exchange for paying big amounts of money or a percentage of ransoms earned.
Double extortion strategies have likewise been broadly used by ransomware gangs to boost the probability of victims paying, so as to avert the publicity of the stolen information instead of just getting the keys to restoring encrypted files. A great deal of the stolen information is being sold on dark websites, particularly stolen protected health information (PHI) and COVID-19 test result information.
In 2020, numerous threat actors had partnered and shared resources and swap strategies, with access to systems being given to other threat groups to perform their own attacks. The venture between threat groups is growing and threat actors are finding new ways to gain access to systems in order to deploy their malicious payloads.
The increasing attacks throughout 2020 would likely not slow down in 2021. Actually, the attacks will likely keep on increasing.
VMWare Carbon Black gave three recommendations for CISOs to make sure that they remain one step in advance of attackers. The majority of AV solutions simply emphasize the delivery step. For greater protection healthcare companies must deploy next-generation antivirus software that safeguards against each stage of ransomware attacks, starting from delivery to distribution to encryption. Endpoint protection software must be selected that could be quickly scaled and deployed to secure new users, at the same time maintain data protection, compliance, and security procedures.
Finally, healthcare CISOs must be proactive and deal with vulnerabilities well prior to exploitation. This means IT tracking applications must be deployed that offer complete visibility into devices that link to the system. This is going to let CISOs to monitor configuration drift and immediately remediate problems and make sure all gadgets are patched and secured.