IBM X-Force Report Shows Healthcare Cyberattacks Increased Twofold in 2020

The IBM X-Force released a new report that shows healthcare cyberattacks increased twofold in 2020 and 28% of attacks had been ransomware attacks. The significant increase in healthcare market cyberattacks placed the industry in the 7th position. The finance and insurance sector is still the most seriously targeted, the following are the manufacturing, energy, business, professional services, and government. Healthcare cyberattacks were 6.6% of attacks through all market segments in 2020.

The 2021 X-Force Threat Intelligence Index report was collected from tracking information from around 130 countries and contained data from greater than 150 billion security events daily, with the information compiled from various sources which include IBM Security X-Force Threat Intelligence and Incident Response, IBM Managed Security Services, X-Force Red, and external sources, for instance, Quad9 And Intezer.

The most popular way systems were compromised was the exploitation of vulnerabilities in OS, computer software, and hardware, which made up 35% of all attacks higher than the 30% in 2019. This was tightly followed by phishing attacks, which were the preliminary entry point in 33% of cyberattacks, greater than the 31% in 2019.

2020 was the first year that IBM X-Force commenced creating its yearly threat index reports. The report reveals that vulnerabilities exploitation was more widespread than phishing as the first attack vector, which was mostly because of the worldwide move to a distributed employees in reply to the pandemic.

About 20% of cyberattacks in 2020 involved taking advantage of vulnerabilities in Citrix servers, which were utilized to assist remote workers. Of all the attacks relating to the exploitation of Citrix flaws, healthcare placed third having 17% of all cyberattacks. Credential theft-linked attacks ranked third in the preliminary attack vector listing and made up 18% of all attacks, lower than the 29% in 2019.

In healthcare specifically, ransomware attacks grew dramatically. On the whole, 23% of security incidents in 2020 involved ransomware, which increased from 20% in 2019. 28% of all cyberattacks on the medical field utilized ransomware. These attacks usually involved data theft before encryption of files to force victims into giving ransom payment to stop the exposure or vending of stolen information. 59% of ransomware attacks last 2020 employed this double-extortion technique.

22% of ransomware attacks used Sodinokibi. The analysts approximate that the Sodinokibi gang’s collection of ransom money reached $123 million in 2020. Some other remarkably active ransomware campaigns were Netwalker, Ryuk Ragnarlocker, and Maze, which each acquired a share of 7% of the attacks.

Ransomware was the top attack type, next was data theft and server access. Data theft went up by 160% year-over-year, with a substantial percentage of the attacks because of the Emotet Trojan. Server access went up by 233% last year. It generally involved vulnerabilities exploitation and usage of stolen credentials. Business email compromise (BEC) attacks diminished in 2020, from 14% in 2019 to 9% in 2020. Insider breaches dropped from 6% to 5% of attacks, with misconfigurations unaffected having 5% of attacks. Remote Access Trojan (RAT) attacks received a visible growth from 2% of cyberattacks in 2019 to 6% in 2020.

Server access and BEC attacks were the second and third most prevalent types of healthcare cyberattacks. Each one accounted for 18% of attacks in 2020. Data theft, insider breaches, and misconfigurations each got 9% of attacks.

The boost in cyberattacks in the healthcare sector was mainly caused by the industry is intensely hit by ransomware groups and hackers assaulting COVID-19-associated research companies. It might have been considerably worse for the healthcare sector. Security experts knew that the Ryuk ransomware group was setting up a targeted plan in October to strike 400 hospitals. The good news is, endeavors by cybersecurity organizations and law enforcement constrained the attacks to merely 9 of the 400 healthcare providers.