7 ways cyber attacks have become more dangerous

Published
  • January 09 2018, 4:00am EST

7 ways that ransomware and hacks are becoming more dangerous

The risk associated with ransomware is on the rise—in 2017, ransomware attacks increased by 89 percent, compared with the previous year, according to Cryptonite, which sells security technology that prevents all-attacker reconnaissance and lateral movement. “The hard evidence of the prominent rise in the use of targeted ransomware attacks against healthcare institutions in 2017 is substantial,” the company says. Here is a look at the company’s newest security report.

Ransomware attacks increase

In 2017, major ransomware events affecting 500 or more individuals represented 25.7 percent of all reported events attributed to hacking by reporting entities. Ransomware provides more immediate rewards to hackers by threatening access to medical care in exchange for the immediate disbursement of digital funds.

Content Continues Below

Parallel threats exist

If a cyberattacker can encrypt a provider’s data and hold it hostage, then they have access to it, and it can be generally assumed that they therefore viewed and breached the data, according to Cryptonite. “We have no specific evidence, but it also seems logical at some point that an attacker that has successfully
penetrated a healthcare network can first steal the medical records, and then start a ransomware attack in motion. This might double their profits over using only one of the attack vectors,” the company says.

Hacking events rise

The total major IT/hacking events reported by healthcare entities to the HHS Office for Civil Rights rose from 113 in 2016 to 140 last year, a 24 percent increase.

Number of compromised records falls

During 2017, 3,442,748 records were reported compromised, a substantial decrease from the 13,425,263 records compromised in 2016. However, hackers were diversifying their attacks against a broader mix of healthcare entities in 2017. In 2015 and 2016, cyber criminals were targeting huge organizations such as
Anthem, Premera Blue Cross, Banner Health and Newkirk Products. “This low-hanging fruit has to some extent been harvested, and attackers are now increasingly turning attention to the broader mix of healthcare entities,” the organization says.

Content Continues Below

Targets are smaller but richer

Refinement of ransomware tools lowers the cost and time it takes attackers to target smaller entities, and that’s what they are doing now. They can cost effectively reach physician practices, surgical centers, diagnostic laboratories, MRI/CT scan centers and many other smaller yet critical healthcare institutions. “This is the beginning of a trend that will increase very substantially in 2018 and 2019,” Cryptonite warns.

New threats emerge for IoT

Internet of Things devices are new and expanding opportunities for attackers who target healthcare networks for two top reasons—to steal medical records or extort ransom payments. “Medical records are highly prized to support identity theft and financial fraud,” says Michael Simon, President and CEO at Cryptonite. “While 2017 was the year of ransomware, we are anticipating this already hard-hit sector will feel the wrath of cyber criminals targeting the hundreds of thousands of IoT devices already deployed in healthcare.”

Records prices are falling

Medical records continue to have monetary value, yet the price of records is going down because of the massive amount of records already listed for sale. In 2012, the price of a record could hit $50. In 2017, the high price hit $10, with some records priced as low as 50 cents to $1.

Content Continues Below

Attack surface is growing

Today, about 90 percent of providers are using electronic medical records. Virtually all of the records are online and Internet accessible. Many have online electronic interfaces to diagnostic labs and provide online access to ambulatory physicians using mobile and tablet computers. “All of this creates a perfect
storm for cyber attackers and sets the stage for a continued successful breach of electronic protected health information,” according to Cryptonite. “Medical devices have emerged as high vulnerability areas within healthcare networks. Hospitals and physician practices cannot install standard cyber security software. There is no easy way to have visibility into the state of these devices or to detect the presence of attacker tools or a ‘backdoor’ into the medical device.”

More information



Cryptonite’s full report is available here.