Which profession is hardest hit by global cyber incident surge?

Analysts highlight the importance of innovation in taking on system vulnerabilities

Which profession is hardest hit by global cyber incident surge?

Cyber

By Jonalyn Cueto

A recent ransomware report reveals an alarming increase in attacks worldwide, with medical specialists experiencing the highest concentration of incidents. Corvus’s Q1 2024 Ransomware Report documents a 21% increase in ransomware attacks compared to the same period last year, setting a record for the most active first quarter in history.

According to Corvus, the rise in attacks comes despite significant disruptions for notorious ransomware gangs LockBit and BlackCat, suggesting that the ecosystem of cybercriminals remains resilient and adaptable.

How many ransomware attacks are there?

  • Global increase: The number of ransomware attacks in Q1 2024 was 21% higher than in Q1 2023, with 1,075 leak site victims reported.
  • New gangs emerging: In the wake of disruptions for established ransomware groups like LockBit and BlackCat, 18 new leak sites appeared throughout Q1, indicating a shift in the criminal landscape.
  • Medical specialists targeted: Medical practices, including specialists and family clinics, experienced a 38% increase in ransomware attacks from the previous quarter, the largest increase across all sectors.

Why is the healthcare industry targeted for cyberattacks?

The healthcare industry has long been a target for ransomware groups due to the sensitive nature of patient data and the critical services provided by medical institutions. The report shows that medical practices faced the brunt of attacks in Q1 2024, with a 38% increase in incidents from Q4 2023. This increase is alarming, as it highlights the potential for disruption to patient care and the financial burden on healthcare providers.

In the previous year, groups like BlackCat, BianLian, and LockBit were responsible for a significant portion of the attacks on medical practices. BlackCat alone accounted for 17% of the total leak site victims, while BianLian and LockBit each held 20% and 15% respectively. Although BlackCat’s operations have diminished following their recent shutdown, the dispersion of affiliates has led to new players entering the field.

Impact of cyberattacks on the healthcare industry

The healthcare sector’s reliance on technology for patient records, billing, and other critical functions makes it an attractive target for ransomware gangs, according to the report. The consequences of such attacks can be severe, ranging from data breaches to the interruption of patient care. The most recent attack on Change Healthcare by the ALPHV/BlackCat group was on March 6, 2024. It affected thousands of medical practices and pharmacies across the United States. Typically, a ransomware group will distribute profits among its members. However, Corvus noted that, in this case, BlackCat’s leaders kept all the funds and abruptly terminated operations. The affiliates then expressed their frustrations on dark web forums about not receiving their share of the purported $20 million ransom.

Corvus’s report underscores the importance of cybersecurity measures in healthcare, particularly in addressing vulnerabilities in internet-facing tools and ensuring timely patch management. The rapid adaptation of ransomware groups in exploiting these vulnerabilities emphasizes the need for robust defence mechanisms.

“This report reaffirms the adaptability of the ransomware ecosystem, which seems to stabilize rapidly after significant events without substantial interruption to operations,” Corvus’s analysts wrote in the report. “It is a stark reminder that the fight against cyber threats is ongoing, requiring constant vigilance and collaboration to protect vulnerable systems and data.”

Have something to say about this story? Leave a comment below.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!