Canadian healthcare sector sees massive spike in ransomware attacks

Canadian healthcare sector sees massive spike in ransomware attacks | Insurance Business

Canadian healthcare sector sees massive spike in ransomware attacks

A year-end blog report by cybersecurity company Check Point Software Technologies found that ransomware attacks against healthcare organizations increased during the last few months of 2020 – with Canada seeing the highest spike in such attacks.

Last October, Check Point reported that a “rising wave” of ransomware attacks was staged against hospitals and healthcare organizations, and that most of the attacks involved the infamous Ryuk ransomware. Since then, the cybersecurity company found that cybercrime did not slow down over the holidays, noting a further 45% increase in attacks against healthcare groups internationally over the past two months.

While the cyberattacks during the last two months involved different vectors such as botnets, remote code execution, and DDoS attacks, ransomware remains the most popular malware delivery method for malicious actors, the report found. Ransomware showed the largest increase and is the biggest malware threat to healthcare groups compared to other sectors, Check Point also said.

In terms of cyberattacks against healthcare organizations by region, Central Europe saw the most increase in attacks, with a 145% increase in November. East Asia followed with a 137$ increase, and Latin America with a 112% increase. Europe and North America saw 67% and 37% increases, respectively.

However, when it came to specific countries, it was Canada that saw the most significant increase in cyberattacks during the two-month period, with an over 250% increase. Germany followed, with 220%. Meanwhile, Spain’s cyberattack count doubled during the period, Check Point noted.

Other key findings of the report include:

  • The average number of weekly attacks in the healthcare sector reached 626 per organization in November, compared with 430 in October.
  • The main ransomware variant used in attacks is Ryuk, followed by Sodinokibi.
  • The major motivation for threat actors with these attacks is financial. Moreover, hospitals are “under tremendous pressure” due to the ongoing rise in coronavirus cases and are willing to pay ransom in order to continue to provide care in this critical time.
  • Unlike common ransomware attacks (which are widely distributed through spam campaigns and exploit kits), the attacks against healthcare organizations using the Ryuk variant are “specifically tailored and targeted.”