Recorded Future Notes Record-Breaking Increase In Ransomware Attacks on Health Organizations

Cybersecurity firm Recorded Future registered 44 cases of cyber threats targeting health organizations in April, the largest monthly number registered by the company during the past four years it’s been collecting data. The company has reported a peak in ransomware attacks, in which threat actors steal digital information and extort victims, usually by asking for money to give the data back.

Notably, medical firm Change Healthcare recently admitted to paying cybercriminals $22 million, even when they had been advised not to. According to a new report by Wired, this high-profile ransom payment could be contributing to the increase in attacks on medical firms, as revealed by Future Records.

“These kinds of large payments are absolutely going to incentivize ransomware actors to go after health care providers,” said Allan Liska, a threat intelligence analyst at Recorded Future, to Wired. Even without a clear reason for the increasing number of attacks in the health industry, experts associate it with the profit malicious organizations have been getting from these attacks.

The threats registered in the past few months have affected hundreds of organizations and millions of patients across the globe. While Recorded Future’s data registers 32 cases for May—one case less than the same month the previous year—Liska said these numbers are expected to increase after more cases come to light.

A Life Or Death Matter Worldwide

Most organizations deal with cyber threats silently, but in the past few weeks, many victims of hacker groups have been revealed worldwide.

In the United States in May, ransomware operator Black Basta attacked the hospital network Ascension—a large healthcare system including 140 hospitals and 40 senior centers in around 10 states across the country—and locked them out of their patient care system for days.

According to anonymous sources who spoke to NPR, the program had patient records, personal information, procedures, and medications. Without access to this information, healthcare providers couldn’t be sure about medicines and doses and ended up delaying test results. As a result, patients’ lives were at risk.

More recently, Cybercriminal group LockBit—recently dismantled by the FBI—published 62 gigabytes of data from the French hospital Simone Veil in Cannes after the medical institution refused to pay ransom in May. Reports indicate that sensitive information exposed included medical test results, ID cards, and more information from patients and hospital staff.

Just a few days ago, another ransomware attack targeted the London-based pathology provider Synnovis putting patients’ lives at risk as it affected hospitals serving around 2 million citizens. According to CBC News, the National Health Service in England urged people to donate blood last week as the attack endangered multiple patients.

Mark Dollar, chief executive at Synnovis, assured that they take security seriously but that the attacks are getting harder to avoid and more actions must be taken worldwide. “It is becoming a global problem for everyone, and everyone has to pitch in to enhance the environment so it’s a little bit more secure.”