Ransomware Attacks Cause Almost Half of Healthcare Data Breaches

Tenable has published a new report showing that nearly half of all healthcare data breaches are due to ransomware attacks, and that in many cases the attacks could have been prevented.

According to the Tenable Research 2020 Threat Landscape Retrospective Report, 730 data breaches were reported across all industry categories in the first 10 months of 2020, and more than 22 billion records were exposed. Exposed healthcare records numbered 8 million.

Healthcare recorded the largest number of data breaches of any industry segment from January to October 2020, accounting for nearly a quarter of all documented data breaches. The percentages of breaches for other sectors were as follows: technology (15.5%), education (13%), and government (12.5%).

Prompted by the large number of healthcare data breaches, Tenable researchers reviewed those breaches to determine the primary causes. They found that ransomware attacks caused 46.4% of those reported breaches, followed by email compromise attacks (24.6%), insider threats (7.3%), app misconfigurations (5.6%), and unsecured databases (5%). Across all industry categories, ransomware attacks were behind 35% of data breaches and email compromises accounted for 14.4%, which indicates that the healthcare sector is particularly prone to these types of attacks.

While no healthcare provider is immune to ransomware attacks, in most cases these attacks can be averted. One of the most typical ways for ransomware gangs to get access to healthcare systems is the exploitation of vulnerabilities in Virtual Private Network (VPN) solutions. Two vulnerabilities are usually exploited by ransomware gangs: CVE-2019-19781 in the Citrix ADC controller and CVE-2019-11510 in Pulse Connect Secure.

Patches for these two vulnerabilities were released in early 2020; however, many businesses did not apply them immediately to resolve the flaws. As a result, threat actors had an easy way to obtain a foothold in networks, access and copy sensitive data, and deploy ransomware.

Many companies continue to use server software that is no longer supported, and ransomware groups frequently target vulnerabilities in that out-of-date software. Ransomware gangs also exploit vulnerabilities in RDP and use brute force tactics to guess weak account passwords.

It may be hard for healthcare providers to replace software applications and operating systems that are nearing end of life. However, it is important to upgrade to solutions that are actively supported, or to make sure that any software that is no longer supported is identified and that those systems cannot be accessed via a network. Locking down RDP and ensuring the use of strong passwords will likewise help to stop ransomware attacks.

It is also essential to address the second most common cause of healthcare data breaches. Email security solutions will hinder nearly all email attacks, yet security awareness training for personnel should also be provided on a regular basis. One of the most crucial steps is to enable multi-factor authentication on all email accounts. Healthcare companies often adopt multi-factor authentication only after experiencing a phishing attack, but by being proactive it is possible to prevent email account breaches.

Microsoft explained in a 2020 blog post that multi-factor authentication is the most essential security tool to employ to prevent phishing attacks and that it can stop 99.9% of them.