Network intrusions have overtaken phishing, which had been the principal cause of data breaches for the past 5 years, as the top cause of healthcare data security incidents.
In 2020, 58% of the security incidents handled by BakerHostetler’s Digital Assets and Data Management (DADM) Practice Group were network intrusions, most often involving ransomware.
BakerHostetler has published its Data Security Incident Response (DSIR) Report for the 7th consecutive year. The 2021 report gives insight into the current threat landscape and presents risk mitigation and compromise response intelligence to help organizations better defend against attacks and strengthen their incident response. The report is based on analysis of more than 1,250 data security incidents handled by the firm in 2020, including a variety of attacks on healthcare organizations and their vendors.
Ransomware attacks are currently the attack method of choice for many cybercriminal groups and have proven very successful. By exfiltrating files before encrypting them, attackers force victims to pay not only to recover their files but also to prevent the immediate exposure or sale of sensitive information. This double extortion tactic has proven highly effective, and data exfiltration prior to file encryption is now the norm. During 2020, ransomware attacks continued to become more frequent and more severe.
BakerHostetler reports that the ransoms demanded and the amounts paid grew considerably in 2020, as did the number of threat groups and ransomware variants used in the attacks. There were just 15 in 2019; last year, the number increased to 75.
Of all the attacks reviewed and monitored by BakerHostetler in 2020, the largest ransom demand was for over $65 million. In 2019, the largest ransom demand recorded was $18 million. Payments are frequently made to speed up recovery, to ensure data can be recovered, and to prevent the sale or exposure of information. In 2020, the largest ransom paid was more than $15 million, up from just over $5 million in 2019, and the average ransom payment more than doubled, from $303,539 in 2019 to $797,620 in 2020.
In healthcare, the average and median initial ransom demands were $4,583,090 and $1.6 million, respectively. The average and median payments were $910,335 and $332,330, respectively. The average and median number of individuals affected were 39,180 and 1,270, respectively. The average time to acceptable restoration of data was 4.1 days. The average and median costs of the forensic investigation were $58,963 and $25,000, respectively.
Across all industry sectors, 70% of ransom notes claimed that sensitive information had been stolen, and 90% of investigations found some evidence of data exfiltration. In 25% of incidents, data theft resulted in notifications being issued to affected individuals. 20% of victims paid the ransom even though they could have restored their data from backups.
When a ransom was paid, in 99% of cases the payment was made by a third party on behalf of the affected organization, and in 98% of incidents a valid key was provided that allowed the data to be recovered. It took an average of 13 days from encryption to restoration of data.
24% of all security incidents were caused by phishing. Phishing attacks most often led to network intrusion (33%), ransomware attacks (26%), data theft (24%), and Office 365 account compromise (21%).
2020 saw a continued rise in ransomware, an increase in large supply chain incidents, and further strain on the capacity of the incident response industry. Organizations worked to contain incidents quickly, despite difficulties in simply getting passwords changed and endpoint detection and response tools deployed to remote staff.
It is now more common for breach victims to take legal action. The trend of lawsuits being filed even when breaches affect far fewer than 100,000 individuals continued in 2020, adding to the cost of data breaches. HIPAA enforcement activity also continued at elevated levels, although in 2020 most of the financial penalties imposed were for HIPAA Right of Access violations rather than fines linked to security breaches.