Healthcare providers experienced a 121% spike in malware attacks in 2021.

May 05, 2022
by John R. Fischer, Senior Reporter

In 2021, healthcare providers saw a 121% spike in malware and were the prime target of IoT malware attacks with a 71% year-over-year increase, according to SonicWall’s 2022 Cyber Threat Report.

A developer of internet appliances for content control and network security, SonicWall explored the vulnerability of the healthcare industry in its biannual report. It found that an average of 16.3% of healthcare customers were the targets of malware attacks in any given month. Additionally, it says that hospitals and health systems have seen higher increases in other types of cyber threats.

“The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What's more alarming is that at the time of this report, there appears to be a staggering 8 million “individuals affected” for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.

Compared to healthcare, the government experienced a 46% increase in IoT malware, and both education and retail saw these attacks rise by 28%. Chavoya says this may be because healthcare IT and IoT infrastructure is complex, overburdened and limited by legacy systems that are no longer being upgraded. These legacy systems often require specialized staff to continue to operate them. Additionally, many hospitals use connected devices from third-party providers, which makes it difficult to maintain the same cybersecurity standards universally.

But despite seeing the largest jump in such attacks, healthcare had the lowest percentage of customers targeted by them. The authors say this may be because providers often keep IoT devices on their own separate and highly secured networks due to their life-and-death nature. This makes them largely inaccessible to other devices.

And even though healthcare saw a huge increase in general malware attacks, it was still not the sector likeliest to experience such an attack, with 16.3% reporting one in any given month, compared to 22.5% of educational institutions.

The sector also experienced a triple-digit year-over-year increase in cryptojacking volume. Spread primarily through fileless malware, phishing attempts and malvertising, cryptojacking volume rose 19% globally across all industries to 97.1 million in 2021. This was the most attacks that SonicWall Capture Labs threat researchers have ever recorded in a single year.

Additionally, healthcare recorded over 2.6 million Log4j exploit attempts between December 2021 and January 2022. The attacks targeted a vulnerability in Apache Log4j, a popular free and open-source software (FOSS) logging library. Devices carrying the library became vulnerable when they went online, and some legacy products remained that way because they were no longer receiving updates. This includes some critical healthcare systems.

As hospitals continue to become a lucrative business for ransomware attackers, threats are expected to increase. This is because of the number of previously unnoticed vulnerabilities and weaknesses in their operations, along with the desire for information found in healthcare documents. And because their systems now require constant access, many are more likely than in the past to pay ransomware demands.

But Chavoya says there are ways to protect against such scenarios, with the first being to educate staff about security awareness and how to identify red flags that signal an oncoming attack. Providers should also replace local, password-based accounts with least-privilege, federated identity and access management (IAM) that requires multifactor authentication, and keep up with patching to stop exploits like Log4j.

In addition, they should abide by federal government initiatives and guidelines for obtaining information; produce business impact analysis reports on major challenges, cycles and technology enablements around ePHI/PHI data; and implement endpoint security on critical assets identified in business impact analyses.

“Though the single constraint remains, healthcare as a sector has not fared well in cybersecurity, likely because healthcare providers tend to have smaller budgets and fewer resources. While cyberdefense initiatives in Israel, the U.K. and worldwide are beginning to have an impact, it is still mostly up to the healthcare institutes themselves to fight off this offensive,” said Chavoya.