Report: Healthcare Accounted for 45% of All Ransomware Attacks in 2017 | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: Healthcare Accounted for 45% of All Ransomware Attacks in 2017

February 22, 2018
by Rajiv Leventhal
| Reprints

Healthcare fell victim to more ransomware attacks than any other industry in 2017, according to a new report from global cybersecurity insurance company Beazley.

The report, which looked at more than 2,600 data incidents in 2017, spanning several industries, noted that ransomware remained a constant threat in 2017, including two notable worldwide attacks—WannaCry and NotPetya (though as the report clarified, the NotPetya malware was suspected to be the result of Russia weaponizing an existing version of ransomware for what appears to have been an attack on Ukraine’s infrastructure).

As such, the report found that 45 percent of all ransomware attacks studied in 2017 were in the healthcare sector. The next highest industry for volume of ransomware attacks were financial (12 percent) and professional services (12 percent). Overall, the rise of ransomware attacks across all industries continues to be a significant concern; the report revealed an 18-percent increase in ransomware incidents in 2017.

What’s more, of the more than 2,600 breach incidents studied, hacks or malware accounted for 36 percent of them; followed by accidental disclosure at 28 percent; and then insider and social engineering, both accounting for 10 percent.

Further regarding healthcare, the report noted that the Department of HHS for the Office Civil Rights (OCR) heightened its activity in 2017 with nine resolution agreements enforced against healthcare organizations and higher post-breach monetary payments than imposed previously. The average settlement amount that a breached organization agreed to pay increased significantly in 2016, although the total amount of breach penalty money did decline from 2016 to 2017. As the report stated, “OCR has more resources at its disposal and far less patience for HIPAA non-compliance.”

Katherine Keefe, global head of BBR Services said in a statement, “Criminals are intent on stealing data or extorting cash and their methods are becoming more sophisticated by the day. Wherever weaknesses exist—in systems, processes or simple human fallibility—every organization regardless of sector and size is vulnerable.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



White House Proposes Restructuring, Renaming HHS as Part of Broad Reorganization Plan

A sweeping government reorganization plan released by the White House Thursday proposes restructuring and renaming HHS, including moving many public assistance programs from USDA to HHS.

CMS Introduces Data Element Library

The Centers for Medicare & Medicaid Services (CMS) has announced the launch of its Data Element Library (DEL), with the overarching goal to support the exchange of electronic health information.

Data Breach at Health Billing Company Exposes PHI of 270,000 People

A healthcare data breach at Med Associates, a Lathan, N.Y.-based health billing company, that may have exposed the protected health information (PHI) of 270,000 people, according to local media reports.

CMS to Host Blue Button 2.0 Developer Conference

The Centers for Medicare & Medicaid Services will host the first Blue Button 2.0 Developer Conference at the General Services Administration national headquarters in Washington, D.C., on Monday, Aug. 13, 2018.

House Passes Bill to Align HIPAA, 42 CFR Part 2

The U.S. House of Representatives recently passed a bill designed to align 42 CFR Part 2 with HIPAA for the purposes of health care treatment, payment, and operations. One goal of the change is so that care can be better coordinated and providers can have appropriate access to all of a patient’s medical record, including information about substance use disorders.

MedStar Health Awarded Grant to Pilot Apps for Patient-Reported Outcome Data

A team of researchers from Maryland-based MedStar Health has been awarded an 18-month contract from AHRQ to support the development and testing of technical tools and apps that can be used to collect patient-reported outcome data.