A recent analysis conducted by security service provider, Solutionary reported that 88 percent of ransomware attacks that were analyzed by the firm’s Security Engineering Research Team were intentionally targeting healthcare companies. Comparatively, finance and education combined comprised of only 10 percent of malicious attacks.
The report is at odds with another recent special report that concluded that healthcare was not the most targeted sector for cyber crime. The findings lend to the fact that simply because the most recent, high-profile incidents were targeted at the healthcare industry does not mean the healthcare industry actually comprises over 80 percent of attacks.
In support of the Solutionary report, Jon- Louis Heimerl, the intelligence communications manager explained that, “Other industries could very well have had more ransomware attempts which were isolated and stopped by additional controls, but in the case of the healthcare industry, we saw more successful infections.” From the perspective of Solutionary, its analysis supports the notion that the healthcare industry has been in more danger of attacks than any other industry this year.
The significance in Soulionary’s report is that the healthcare industry has been the most targeted and successfully infiltrated. Reasons for this incredibly high percentage are due to the amount of sensitive information in health records. Patient information contains social security numbers, credit card numbers and patient history. These three valuable pieces of information are attractive to hackers. It has three distinct opportunities to exploit patients and companies.
Potential cyber hackers take note of companies that pay ransom amounts and those that do not. If a company has been proactive in having a backup plan, being prepared for an attack and refusing to pay the ransom amount, they are much less likely to be targeted. These records of hacks are public and if a hacker sees a lack of planning or potential vulnerability, that healthcare entity will be at significant risk. In addition to the planning aspect, if a company uses programs, specifically ActiveX and Adobe, they may be at a higher risk of attack as these programs are easily infiltrated.