The Rise of Ransomware Attacks in Healthcare: A Look at 2024
In recent years, ransomware attacks have become a pressing issue for organizations across various industries. However, perhaps no sector has been as heavily targeted as healthcare. According to new research by Barracuda Networks, more than a fifth (21%) of ransomware attacks in the past year were directed at healthcare organizations, up from 18% in the previous year.
These attacks have not only affected organizations’ operations but have also had a significant impact on patient care, with some incidents leading to cancelled operations and other critical services being disrupted.
But healthcare isn’t the only industry facing the brunt of ransomware attacks. Local government municipalities have also been heavily targeted, accounting for 17% of reported incidents. In the US alone, various local authorities, such as Jackson County in Missouri, Clay County in Indiana, and Coffee County in Georgia, have fallen victim, resulting in disruptions to services like tax payments and court operations.
While the education sector has seen a decrease in attacks from 18% to 9%, attacks against financial services have risen significantly from less than 1% to 6%. Manufacturing and technology firms have also been targeted, making up 15% and 13% of reported incidents, respectively.
Ransomware-as-a-Service: The Pervasive Threat
One of the key findings of the report was the prevalence of ransomware-as-a-service (RaaS) models in the attacks analyzed. LockBit, responsible for 18% of known attacks, targeted healthcare organizations, municipalities, and education institutions. Despite law enforcement takedowns, the group has resumed its operations, underscoring the challenges in combating these threats.
ALPHV/BlackCat accounted for 14% of attacks, with a significant portion targeting healthcare and financial services. The Rhysida gang, responsible for 8% of incidents, also focused its attacks on healthcare organizations.
Adam Khan, VP of Global Security Operations at Barracuda Networks, emphasized the challenges posed by ransomware-for-rent attacks, noting the difficulty in detecting and containing these threats due to the varied tools and tactics used by different cybercriminal customers.
Opportunities for Detection and Prevention
As ransomware groups prioritize data exfiltration over encryption, security teams have a window of opportunity to detect and prevent attacks during the post-compromise stage. According to the report, 44% of ransomware attacks were detected during the lateral movement stage, followed by file modifications (25%) and off-pattern behavior (14%).
As organizations continue to grapple with the evolving threat landscape, it’s essential to be proactive in defending against ransomware attacks. By understanding the tactics and strategies employed by cybercriminals, businesses can better protect themselves and mitigate the impact of potential incidents.
For more insights on post-compromise security and how to respond when hackers breach your systems, read our in-depth guide.