Ransomware Attacks Are the Cause of About 50% of Healthcare Data Breaches

Tenable has published a new report revealing that roughly half of all healthcare data breaches are caused by ransomware attacks, and that in most cases the attacks could have been avoided.

According to the Tenable Research 2020 Threat Landscape Retrospective Report, 730 data breaches were documented across all industry sectors in the first 10 months of 2020, and over 22 billion records were compromised. Breached healthcare records accounted for 8 million of them.

Healthcare recorded the greatest number of data breaches of any industry sector between January and October 2020, accounting for about 25% of all reported data breaches. Other sectors accounted for smaller shares: government (12.5%), education (13%), and technology (15.5%).

Because of the large number of healthcare data breaches, Tenable researchers studied those breaches to determine the major causes. They found that ransomware attacks were responsible for 46.4% of the documented healthcare data breaches, followed by email compromise attacks (24.6%), insider threats (7.3%), app misconfigurations (5.6%) and unsecured databases (5%). Across all industry sectors, ransomware attacks were associated with 35% of data breaches and email compromises with 14.4%, which shows that the healthcare sector is particularly susceptible to these types of attacks.

Although no healthcare company is immune to ransomware attacks, these attacks can usually be avoided. One of the most well-known ways for ransomware groups to gain access to healthcare networks is by exploiting vulnerabilities in Virtual Private Network (VPN) solutions. Two vulnerabilities are most frequently exploited by ransomware gangs: CVE-2019-19781 in the Citrix ADC controller, and CVE-2019-11510 in Pulse Connect Secure.

Patches for these vulnerabilities were released in 2020, but many companies did not apply them promptly. Consequently, threat actors had a quick way to gain a foothold in systems, view and exfiltrate sensitive information, and install ransomware.

Numerous businesses continue to use server software that is no longer supported, and ransomware gangs typically target vulnerabilities in that obsolete software. Ransomware groups also take advantage of vulnerabilities in RDP and use brute-force techniques to guess weak account passwords.

It can be difficult for healthcare companies to replace software and operating systems that are approaching end of life. Nevertheless, it is crucial either to use solutions that are actively supported or to ensure that any unsupported application is isolated so that those systems cannot be accessed through the network. Securing RDP and enforcing the use of strong passwords will also help to prevent ransomware attacks.

It is also necessary to address the second most frequent cause of healthcare data breaches. Email security tools will stop almost all email attacks, yet security awareness training must also be given to staff members regularly. One of the most important steps to take is to use multi-factor authentication on all email accounts. Healthcare institutions typically adopt multi-factor authentication only after experiencing a phishing attack; by being proactive, it is possible to avoid email account breaches.

Microsoft explained in a 2020 blog article that multi-factor authentication is the primary security measure to employ to block phishing attacks and that it could protect against 99.9% of phishing attacks on email accounts.