Healthcare Informatics Magazine

Report: Ransomware Attacks Against Healthcare Orgs Increased 89 Percent in 2017

January 8, 2018
by Heather Landi

The number of reported major IT/hacking events attributed to ransomware by health care institutions increased by 89 percent from 2016 to 2017, according to cyber defense firm Cryptonite’s 2017 Healthcare Cyber Research Report, which used data reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR).

The research, conducted by Rockville, Md.-based Cryptonite, looks at healthcare cyber attack activity last year and finds that 2017 was a very challenging year for healthcare institutions, as these organizations remain under sustained attack by cyber attackers who continue to target their networks through well-understood vulnerabilities. According to the report, a total of 140 data breach events were characterized and reported to HHS OCR as IT/hacking in 2017, an almost 24 percent increase over the 113 IT/hacking events reported in 2016. For a historical view, there were 57 reports for IT/hacking in 2015 and 35 reports in 2014.

The 89 percent increase in major IT/hacking events attributed to ransomware reflects a rise from 19 reported events in 2016 to a total of 36 events in 2017. In 2017, ransomware events represented a quarter of all events reported to HHS/OCR and attributed to IT/hacking.

All of the six largest IT/hacking healthcare events reported in 2017 were attributed to ransomware, according to the report.

The research found that 3,442,748 records were reported compromised in 2017, a substantial decrease from the 13,425,263 reported compromised in 2016, as cyber attackers diversified their attacks against a broader mix of healthcare entities.

“In past years, cyber criminals invested considerable time and effort in targeting the largest healthcare institutions as evidenced by the 2015 events impacting Anthem (78.8 million records), Premera Blue Cross (11 million records) and by the 2016 events impacting Banner Health (3.6 million records) and Newkirk Products (3.4 million records),” the report authors wrote. “This low hanging fruit has to some extent, been harvested and attackers are now increasingly turning their attention to the broader mix of health care entities.”

What’s more, the report authors note that the emergence and refinement of advanced ransomware tools lowers both the cost and the time for cyber attackers to target smaller healthcare institutions; attackers can now cost-effectively reach physician practices, surgical centers, diagnostic laboratories, MRI/CT scan centers and many other smaller yet critical healthcare institutions. The report authors predict that this is the beginning of a trend that will increase very substantially in 2018 and 2019.

Internet of Things (IoT) devices in healthcare also represent new and expanding opportunities for cyber attackers. “Cyber attackers target healthcare networks primarily for two primary reasons – to steal the medical records they contain or to extort ransom payments. Medical records are the targets of choice, as this data is highly prized to support identity theft and financial fraud,” Michael Simon, president and CEO of Cryptonite, said in a statement. “While 2017 was the year of ransomware, we are anticipating this already hard-hit sector will feel the wrath of cyber criminals targeting the hundreds of thousands of IoT devices already deployed in healthcare. Internet of Things (IoT) devices are now ubiquitous in health care – they are already present in intensive care facilities, operating rooms and patient care networks.”

According to Cryptonite researchers, medical records represent the most comprehensive set of records for an individual, rivalling those records stored within credit bureaus for completeness and criminal utility. For these reasons, medical records are attractive for sale on the dark web, where they continue to demand high premiums from criminal purchasers. Despite the value of a medical record, its price on the dark web is decreasing due to the massive quantity of medical records already listed for sale. In 2012, for example, the price of a medical record often went for as much as $50. In 2017, the price of a typical medical record has been as high as $10, with the average price as low as $.50 to $1.00 per record, the report states.

The researchers concluded in the report that no category of health care has been able to avoid these cyber attacks. This has included health care insurers, hospitals, physician practices, physician organizations (accountable care organizations - ACOs, independent physician organizations - IPAs, and managed care organizations - MCOs) and a broad variety of other important health entities such as surgical centers, skilled nursing facilities, urology centers, vision surgical centers, cancer treatment centers, MRI/CT-scan centers and diagnostic laboratories.

“Less than ten years ago, most physicians updated patient records manually and stored them in color coded file systems. By the end of 2017 industry data suggests that approximately 90 percent of the office-based physicians have moved to use an electronic system (electronic health records - EHR / electronic medical records - EMR) for the storage, retrieval and management of this electronic health data. Virtually all of these systems are online and internet accessible,” the report authors wrote. “All of this creates a perfect storm for cyber attackers and sets the stage for a continued successful breach of electronic protected health care information.”

The report also offers a number of recommendations for healthcare organizations to strengthen their cybersecurity profile. “It becomes imperative to deploy a comprehensive strategy both to detect and deter the sophisticated attacker moving through the network, as well as the multitudes of ransomware tools that they will deploy into 2018 and 2019,” the report states.

New best practices and the technologies that support them, such as network micro-segmentation, can detect and defeat many of the attacks leveraged by vulnerabilities found in most health care networks, the report states. “The speed of detection response is always of the essence. A Zero Trust environment can be constructed by combining moving target cyber defense (MTD) and network micro-segmentation technologies. A Zero Trust environment allows health care networks to stop and defeat attackers, ransomware, and insider threats,” the report states.
