Ransomware attacks now to blame for half of healthcare data breaches

Almost half of data breaches at hospitals were because of ransomware attacks – and those attacks could've been prevented with timely patching.

Almost half of all data breaches in hospitals and the wider healthcare sector are the result of ransomware attacks, according to new research.

Ransomware gangs are increasingly adding an extra layer of extortion to attacks by not only encrypting networks and demanding hundreds of thousands or even millions of dollars in bitcoin to restore them, but also stealing sensitive information and threatening to publish it if the ransom isn't paid.

This double extortion technique is intended as extra leverage to force victims of ransomware attacks to give in and pay the ransom rather than taking the time to restore the network themselves. For healthcare, the prospect of data being leaked on the internet is particularly disturbing as it can involve sensitive private medical data alongside other forms of identifiable personal information of patients.

Some organisations will, therefore, opt to pay the ransom to prevent this happening, while others won't give in to extortion demands. As a result, ransomware is now responsible for 46% of healthcare data breaches, according to analysis by cybersecurity researchers at Tenable. More than 35% of all breaches are linked to ransomware attacks, resulting in an often tremendous financial cost.

One of the key methods ransomware gangs use to gain access to hospital networks is a pair of VPN vulnerabilities: one in the Citrix ADC controller, affecting Gateway hosts (CVE-2019-19781), and one in Pulse Connect Secure (CVE-2019-11510).

Both of these vulnerabilities had received security patches to stop hackers from exploiting them by the beginning of 2020, but despite this, large numbers of organisations have yet to apply the update.

That's allowed ransomware groups – and even nation-state-linked hacking operations – to exploit unpatched vulnerabilities to gain a foothold on networks and they'll continue to do so as long as networks haven't received the required security patches.

"As the attack surface expands, vulnerability management has a central role to play in modern cybersecurity strategies. Unpatched vulnerabilities leave sensitive data and critical business systems exposed, and represent lucrative opportunities for ransomware actors," said Renaud Deraison, co-founder and chief technology officer at Tenable.

The key way to protect networks from falling victim to ransomware and other cyberattacks is to apply patches when they're released, particularly those designed to fix critical vulnerabilities. And if there are applications that your organisation uses that no longer receive security updates, researchers recommend replacing this software with an alternative that's still supported.

"If the software solutions used by your organization are no longer receiving security updates, upgrading to one with an active support contract is vital," the report says.

"It is imperative that organizations identify assets within their environments that are vulnerable to months- and years-old flaws and apply relevant patches immediately," it said.
