Ransomware attacks against the healthcare sector skyrocketed in 2024, according to an analysis by SafetyDetectives. There have already been 264 attacks on health care providers this year through September, almost more than the 268 attacks recorded in all of 2023.
SafetyDetectives claims that an increase in the number of ransomware groups and variants in 2024 contributed to the increase in attacks on the healthcare sector.
In 2023, 68 active groups were responsible for approximately 4,841 attacks worldwide. This year, there were an average of 394 attacks per month from 87 groups. The report also reveals that cybercriminals are changing their tactics. Cybersecurity experts discovered 177 new ransomware variants from April to September 2024 alone.
According to the report, the March 2024 Change Healthcare attack was a pivotal event for the healthcare threat landscape. Experts believe the organization's decision to pay the $22 million ransom will encourage other companies in the industry to comply with such demands to avoid HIPAA fines and operational disruption. He has expressed concern that this may be the case. These findings suggest that ransomware attackers share this view.
Ransomware attacks can have a serious impact on healthcare organizations. For example, service disruptions can delay critical services, prevent access to electronic health records (EHRs), compromise diagnostic systems, and put patient lives at risk.
Data theft is also a major impact. SafetyDetectives estimates that attackers may have stolen nearly 120 TB of data from healthcare organizations in 2024, based on data that is clearly unreliable.
In some cases, this data can cause serious harm to patients. Attackers often post sensitive patient data on public forums, such as patient files, passports, and even NSFW images from orthopedic clinics. Exposure of this data can be extremely traumatic, leading to identity theft, healthcare fraud, and emotional distress for victims.
In response to the growing ransomware threat, SafetyDetectives recommends that healthcare organizations:
Perform software updates and patches on a regular basis. Implement multi-factor authentication (MFA) and strict access controls. Provide employee training to reduce risks from phishing and other cyber attacks. Maintain offline backups of important data. Develop a comprehensive incident response plan.
The opinions expressed in this post are those of the author and do not necessarily reflect the views of Information Security Buzz.