By Jeff Wardon, Jr., Assistant Editor

Black Kite released a report that highlights the disproportionate targeting of healthcare organizations by ransomware groups. Healthcare is the third-most-targeted sector. Physicians offices make up 25 percent of the attacks, with general medical and surgical hospitals follow closely behind with 25 and 22 percent, respectively.  

According to the report, the Change Healthcare cyberattack was a turning point in cybersecurity, prompting ransomware groups to adopt more aggressive tactics. Cyber criminals now prioritize ease of access and ransom potential over traditional ethical boundaries, putting small, resource-constrained healthcare businesses and larger organizations with greater ransom-paying ability at risk. 

Among those tactics is the practice of double extortion, where cybercriminals take not only systems offline and hold the data for ransom, but also steal the data and threaten to leak it to the public, Eroll Weiss, chief security officer at Health-ISAC, previously told Healthcare Facilities Today. It can also rise to triple extortion, where the cybercriminals utilize distributed denial of service (DDoS) attacks to take down an organization’s main website and keep it down until the victim pays.  

The stakes are high as ransomware attacks not only disrupt operations but also endanger patients' safety. With the level of quadruple extortion, patients themselves become the targets of cybercriminals according to Weiss. 

“So, they steal the data, and they know which patients are in the records they have access to,” says Weiss. “They may even have their e-mail addresses. Now, they go back to the patients and threaten to release their personal information unless that patient victim pays the attackers directly.” 

The report suggests proactive measures like monitoring vulnerabilities, vendor ecosystems and implementing strong cyber hygiene to protect healthcare organizations. Cybersecurity and Infrastructure Agency (CISA) has created the Known Exploited Vulnerability List, which determines the areas that are being exploited, what weaknesses exist and how cybercriminals are using these vulnerabilities to their advantage to attack.  

Additionally, backing up systems is a crucial measure to take to safeguard important data from being poached and rendered inaccessible following an attack. The backup strategy has to be immutable, Ben DeBow, founder and chief executive officer at Fortified, previously told Healthcare Facilities Today. Meaning, an organization’s strategy can’t be zeroed out and the data also can’t be overwritten, as a challenge with ransomware attacks is if the perpetrators are in the systems for an extended period, they can overwrite the data. If this were to happen, the healthcare organization will have no data to revert back to before the ransomware attack occurred. 

“One of the challenging things today to with organizations is they have an immense amount of data which adds to the complexity of how you protect all your data,” says DeBow. “I always focus and work with companies on protecting your most important data that runs the business.” 

Jeff Wardon, Jr., is the assistant editor for the facilities market.