Business Team Investment Entrepreneur Trading Concept
7 ways that ransomware and hacks are becoming more dangerous
The risk associated with ransomware is on the rise—in 2017, ransomware attacks increased by 89 percent, compared with the previous year, according to Cryptonite, which sells security technology that prevents all-attacker reconnaissance and lateral movement. “The hard evidence of the prominent rise in the use of targeted ransomware attacks against healthcare institutions in 2017 is substantial,” the company says. Here is a look at the company’s newest security report.
Jan. 8 18 AdobeStock_126193401 A.jpeg
Magnifying glass with the word evaluation on grass background. Selective focus
Ransomware attacks increase
In 2017, major ransomware events affecting 500 or more individuals represented 25.7 percent of all reported events attributed to hacking by reporting entities. Ransomware provides more immediate rewards to hackers by threatening access to medical care in exchange for the immediate disbursement of digital funds.
Jan. 8 18 AdobeStock_50435875 B.jpeg
Parallel threats exist
If a cyberattacker can encrypt a provider’s data and hold it hostage, then they have access to it, and it can be generally assumed that they therefore viewed and breached the data, according to Cryptonite. “We have no specific evidence, but it also seems logical at some point that an attacker that has successfully
penetrated a healthcare network can first steal the medical records, and then start a ransomware attack in motion. This might double their profits over using only one of the attack vectors,” the company says.
Jan. 8 18 AdobeStock_83008674 C.jpeg
Online Security Technology and Hacking Risk Alert Concept
Hacking events rise
The total major IT/hacking events reported by healthcare entities to the HHS Office for Civil Rights rose from 113 in 2016 to 140 last year, a 24 percent increase.
Jan. 8 18 AdobeStock_80029499 D.jpeg
Medical records envelope attached to a file-folder with Confidential text, isolated on white
Number of compromised records falls
During 2017, 3,442,748 records were reported compromised, a substantial decrease from the 13,425,263 records compromised in 2016. However, hackers were diversifying their attacks against a broader mix of healthcare entities in 2017. In 2015 and 2016, cyber criminals were targeting huge organizations such as
Anthem, Premera Blue Cross, Banner Health and Newkirk Products. “This low-hanging fruit has to some extent been harvested, and attackers are now increasingly turning attention to the broader mix of healthcare entities,” the organization says.
Jan. 8 18 AdobeStock_21606937 E.jpeg
Targets are smaller but richer
Refinement of ransomware tools lowers the cost and time it takes attackers to target smaller entities, and that’s what they are doing now. They can cost effectively reach physician practices, surgical centers, diagnostic laboratories, MRI/CT scan centers and many other smaller yet critical healthcare institutions. “This is the beginning of a trend that will increase very substantially in 2018 and 2019,” Cryptonite warns.
Jan. 8 18 AdobeStock_113583993 F.jpeg
smart city and wireless communication network, abstract image visual, internet of things
New threats emerge for IoT
Internet of Things devices are new and expanding opportunities for attackers who target healthcare networks for two top reasons—to steal medical records or extort ransom payments. “Medical records are highly prized to support identity theft and financial fraud,” says Michael Simon, President and CEO at Cryptonite. “While 2017 was the year of ransomware, we are anticipating this already hard-hit sector will feel the wrath of cyber criminals targeting the hundreds of thousands of IoT devices already deployed in healthcare.”
Jan. 8 18 AdobeStock_79646562 G.jpeg
Records prices are falling
Medical records continue to have monetary value, yet the price of records is going down because of the massive amount of records already listed for sale. In 2012, the price of a record could hit $50. In 2017, the high price hit $10, with some records priced as low as 50 cents to $1.
Jan. 8 18 AdobeStock_94367414 H.jpeg
Conclusions Concept. Colored Document Folders Sorted for Catalog. Closeup View. Selective Focus.
Attack surface is growing
Today, about 90 percent of providers are using electronic medical records. Virtually all of the records are online and Internet accessible. Many have online electronic interfaces to diagnostic labs and provide online access to ambulatory physicians using mobile and tablet computers. “All of this creates a perfect
storm for cyber attackers and sets the stage for a continued successful breach of electronic protected health information,” according to Cryptonite. “Medical devices have emerged as high vulnerability areas within healthcare networks. Hospitals and physician practices cannot install standard cyber security software. There is no easy way to have visibility into the state of these devices or to detect the presence of attacker tools or a ‘backdoor’ into the medical device.”
Jan. 8 18 AdobeStock_61568304 I.jpeg
Education concept: text Learn More on Black chalkboard background, 3d render
More information

Cryptonite’s full report is available here.