Ransomware attacks launched against healthcare providers are on the rise as 2021 draws to a close.
The HHS Office for Civil Rights’ HIPAA Breach Reporting Tool points to several high-impact ransomware attacks related to the healthcare industry. In June, HHS reports, a large healthcare system in Savannah, Georgia, St. Joseph’s/Candler, was hit by a ransomware attack that affected 1.4 million people. Compromised personal information included patient names, addresses, dates of birth, Social Security numbers, driver’s license information, financial and health insurance plan data, and more.
Also making the HIPAA Breach Reporting Tool list, which includes ransomware attacks affecting 500 or more individuals, are several other 2021 attacks, including:
- University of Florida (UF) Health Central Florida (701,000 people affected)
- Scripps Health (147,000)
- Forefront Dermatology S.C. (2.4 million)
- Indiana Department of Health (750,000)
By Aug. 19, 2021, Healthcare Info Security reports, HHS had added 443 breaches impacting more than 31.1 million individuals. The majority of the healthcare ransomware attacks reported (around 74%) were attributed to hacking or IT breaches. Those breaches affected nearly 29.8 million individuals, or 96% of the total number of victims through Aug. 19. Other insights include:
- 42% of reported breaches (187 incidents) involved business associates
- 95 breaches affecting 1.1 million individuals were attributed to unauthorized access or disclosure
- 7 breaches involved the theft or loss of unencrypted computing devices (marking a significant improvement over years past when theft/loss was the dominant source of breaches)
- From 2009 through Aug. 19, 2021, 303.8 million individuals were impacted by 4.170 reported ransomware healthcare breaches
- One single breach, launched against Florida Healthy Kids Corp., affected 3.5 million individuals
Why is Healthcare an Attractive Target for Ransomware Attacks?
In the Healthcare Info Security article, John Delano, a regional CIO for AdventHealth and a healthcare security strategist for Critical Insight, says the healthcare sector has seen a doubling of breaches since 2018, a figure he expects to continue rising.
“There are no signs of this slowing down,” Delano says in the article. Delano says healthcare is targeted because of the value of electronic protected health information on the black market. “Scammers can monetize this data in a myriad of ways,” he says.
Delano also points out that healthcare providers often rely on legacy systems, which he says are “easy targets.” In the meantime, many healthcare providers are focusing more on telemedicine technologies in the wake of the COVID-19 pandemic. “Hospitals are completely full and looking for any solutions that will ease the burden of dealing with so many sick patients,” he explains. “Security it taking a back seat, and this increases the vulnerability.”
How MixMode Mitigates Healthcare Ransomware Attacks
While no tool can prevent ransomware altogether, the MixMode platform is a highly valuable intelligence tool that employs third-wave AI — the most advanced in the Cybersecurity industry — to scrutinize data streams across every entry point, establishing a generative baseline of expected network behavior as it evolves.
Events that would likely be missed entirely by legacy Cybersecurity and ransomware defense tools can be identified by MixMode as soon as they occur. The platform provides feedback on granular details like what users are clicking on, whether firewalls are performing as expected, and the integrity of recently-installed security patches. Even seemingly small deviations, such as unusual email activity and embedded attachments are detected by MixMode.
Legacy systems that rely on retroactive log analysis like SIEM are no match for ransomware attackers. By the time ransomware is detected within a network system, often the damage is already done or it’s too late to stop. Instead of the typical lag time, which can be weeks, or even months, MixMode delivers alerts within minutes.