Analysis: Healthcare Ransomware Attacks Decline in First Half of 2018 | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Analysis: Healthcare Ransomware Attacks Decline in First Half of 2018

July 18, 2018
by Heather Landi
| Reprints
Click To View Gallery

In the first half of 2018, ransomware events in major healthcare data breaches diminished substantially compared to the same time period last year, as cyber attackers move on to more profitable activities, such as cryptojacking, according to a new report form cybersecurity firm Rockville, Md.-based Cryptonite.

In its healthcare cyber research report, Cryptonite researchers also credit this decline in ransomware events to healthcare organizations’ deploying best practice technologies to better protect and defend their networks.

The report is based on an analysis and review of data on cyberattacks impacting healthcare institutions across the United States between January 1, 2018 and June 30, 2018. The firm’s analysis and review of government data, internet sources and the direct experience of its security operations center (SOC) provide the baseline data for the analysis.

The report finds ransomware attacks actually reversed course in 2018 and trends lower in the first half of this year. While ransomware attacks rose in 2017, with an 89 percent increase in the frequency of reported attacks, these attacks as major IT/hacking data breach events impacting over 500 patient records dropped from 19 major data breaches in the first half of 2017 (the comparison period) to 8 major data breaches in the first half of 2018, marking a decrease of 57 percent.

Ransomware attacks reported as a percent of major IT/hacking data breach events impacting over 500 patient records dropped to 13.56 percent in the first six months of 2018, the report states. This metric peaked in the first half of 2017, at 30 percent, and then has declined in the two subsequent periods, dropping to 22 percent in the second half of 2017.

The report authors credit this drop to healthcare organizations adding micro-segmentation to networks, as well as specialized software to address ransomware threats. In the largest hospitals, new Zero Trust technologies have been added to the existing mix of defense in depth technologies to expand and harden the defensive perimeters, the report states.

The report authors also note that this data appears to be consistent with other sources. Kaspersky Lab recently found that the total number of ransomware events decreased by approximately 30 percent from 2016-2017 to 2017-2018, the report notes. “The Kaspersky report notes that ransomware attackers are searching for more profitable activities such as cryptojacking. Per Kaspersky, they have found that ransomware is ‘rapidly vanishing,’ and that cryptocurrency mining is starting to take its place,” the Cryptonite report authors wrote.

“We do believe that ransomware still presents a formidable threat to healthcare and expect new variants, such as AI-based malware, to present very difficult challenges to healthcare institutions later in 2018 and into 2019,” the report authors wrote.

Based on the firm’s analysis, patient records (ePHI) breached in the first half of 2018 came in at 1,928,432, which is slightly higher than previous time periods. In context 1,674,793 ePHI records were breached in the first six months of 2017 and 1,767,955 ePHI records were breached in the second half of 2017.

Overall, total healthcare major data breaches so far in 2018 came in at 59 events, and seems headed towards a projected total of between 120 and 150 total events by the end of the year. The report notes that this appears to be trending lower than previous years. If the first half of 2018 was annualized to 118 events, this would compare favorably to 2017 measured at 140 reported major IT/hacking events, the report states.

The positive trend in reduction of the use of ransomware is overshadowed by the continue high volume of major attack, the report authors wrote.

In the report, the authors also offer recommendations to strengthen healthcare cyber defense. New best practice technologies such as moving target cyber defense (MTD) and network micro-segmentation, can detect and defeat many of the attacks leveraged by vulnerabilities found in most healthcare networks, the report authors wrote.

“A Zero Trust environment can be constructed by combining moving target cyber defense (MTD) and network micro-segmentation technologies. In summary, a Zero Trust environment allows healthcare networks to stop and defeat attackers, ransomware, and insider threats,” the report authors wrote.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Amazon, Google, IBM and Other Tech Giants Pledge to Remove Barriers to Interoperability

Six of the world's biggest technology companies, including Microsoft, Google, IBM and Amazon, made a joint pledge at the White House Monday to remove interoperability barriers and to make progress on adoption of health data standards.

Mayo Clinic Elects New President and CEO

Gianrico Farrugia, M.D., current vice president, Mayo Clinic, and CEO of Mayo Clinic in Florida has been elected as the president and CEO of the Mayo Clinic, headquartered in Minnesota.

Fitbit, Blue Cross Blue Shield Launch Mobile Health Partnership

San Francisco-based fitness wearable maker Fitbit continues its push into the health plan market with a new digital health deal to incorporate its fitness tracker into health and wellness programs.

ASCO Picks IBM Watson Exec to Lead CancerLinQ

The American Society of Clinical Oncology (ASCO) has named a former IBM Watson executive as the new CEO of its CancerLinQ big data platform.

CVS Health’s MinuteClinic Launches New Telehealth Offering

CVS’ MinuteClinic, the company’s retail medical clinic, is rolling out a new telehealth healthcare offering for patients with minor illnesses and injuries, skin conditions and other wellness needs.

Report: More than 3M Patient Records Breached in Second Quarter of 2018

More than 3.14 million patient records were breached in 142 disclosed health data breach incidents during a three-month span from April to June 2018, according to new data released in the Protenus Breach Barometer.