Attacks on healthcare organizations increase 90 percent
There has been a 90 percent increase in the number of healthcare organizations targeted by cyber-attacks, in comparison with the first quarter of 2022.
The latest cyber threat Landscape report from Kroll finds that while phishing continues to be the vector used for initial access, there has been a vast increase in external remote services (such as VPNs and RDP environments) being compromised, up 700 percent.
"It is concerning to see healthcare rise so dramatically up the most targeted industry list, at a time when services are undoubtedly still under pressure as they recover from the strained environment caused by COVID-19," says Laurie Iacono, associate managing director for cyber risk at Kroll. "Ransomware is always disruptive, but its ability to grind company operations to a halt, becomes more significant in an environment where business continuity means saving lives. The legacy of the pandemic can perhaps also be seen in the vulnerability of external remote services. In Q2, we saw many ransomware groups take advantage of remote environments by using security gaps in those tools to compromise networks. All organizations -- and especially those in healthcare -- would do well to test the resilience of their external remote services and preparedness for ransomware in light of this latest report."
Specific threats noted include, in April, Emotet's binaries switching from a 32-bit to a 64-bit architecture, and developers experimenting with password protected email delivery methods with embedded ZIP files.
Healthcare has overtaken professional services as the top targeted sector in Q2, accounting for 21 percent of all Kroll cases, compared to only 11 percent in Q1 of this year. Common threat incident types impacting the healthcare sector include ransomware (33 percent), unauthorized access (28 percent) and email compromise (28 percent).
There's also been a rise in the use of double extortion tactics, where actors exfiltrate data prior to network encryption and then threaten to leak the stolen data as leverage during negotiations.
You can read more on the Kroll site.