6 emerging trends in cybersecurity this year

Cyberattacks in the healthcare industry have skyrocketed since the start of the pandemic, with 20 percent of Americans having a healthcare provider hit by a cyberattack in the last 12 months.

Becker's Hospital Review has compiled a list of the top six trends in cybersecurity on chief information security officers' radar for the year, from increased ransom demands to incentives to encourage good privacy practices in employees.

Six emerging trends to know:

1. Increased federal involvement.

As data breaches become more profitable for threat actors, there is an increased need for federal assistance to tame the attacks.

In March, cyberattackers claimed at least 60,000 known victims globally in a Microsoft business email software attack. The attack prompted a response from a White House official, who told Bloomberg, "We are undertaking a whole of government response to assess and address the impact. This is an active threat still developing and we urge network operators to take it very seriously."

In April, the Justice Department formed a task force to curb cyberattacks. The task force will develop a strategy that takes aim at the entire criminal ecosystem around ransomware, including prosecutions, disrupting cybergang networks and targeting services that enable the attacks, such as hosting services where the campaigns are launched and online forums where the sale of ransomware is advertised.

2. More breaches, more often.

In the past few months, data breaches have consistently increased in both size and frequency. In February, 22 organizations reported to HHS that 351,709 individuals were affected by data breaches. In March, those numbers surged to 1,116,997 health records affected at 36 organizations. Then again in April, data breaches reported to HHS nearly doubled to 2,121,186 health records affected at 41 organizations.

3. Network breaches become the top breach location.

Phishing attacks on employee email accounts were the top point of entry for data breaches for five consecutive years. Network breaches have displaced phishing attacks, and 44 percent of data breaches reported to HHS occurred on healthcare companies' and vendors' networks.

4. Surges in vendor breaches.

When a vendor's data is breached, it has the capability to affect many healthcare providers in one sweep. In a data breach that targeted the file transfer vendor Accellion, at least eight healthcare organizations and the protected health information of 3.38 million people were compromised.

A data breach at cancer software company Elekta hit at least 40 health systems nationwide, and the number of people who have been affected is still being determined.

Five hospitals and health systems were struck when an employee from RCM vendor Med-Data was found to be publishing PHI to a public website, affecting nearly 136,000 patients' data.

5. Larger ransom demands.

Although paying ransom to cyberattackers is not recommended, some healthcare companies do it anyway because of the financial risk of leaked data. In the healthcare industry, the average initial ransom demanded was $4,583,090 in 2020. On average, healthcare companies are paying threat actors $910,335 in ransom.

In one report, the average ransom payment spiked by 43 percent. The report's researchers said that when they examined hundreds of cases, they did not encounter an example where paying a cybercriminal the ransom helped the victim mitigate liability or avoid damaging the business or brand.

The top ransomware group is Sodinokibi, which is conservatively estimated to have profited $123 million in 2020. The money ransomware groups get from victims is often reinvested into tools that enable better attacks at a more frequent pace. Some cybergangs are known to revisit former victims for new extortion requests.

6. Comprehensive employee training and incentives.

To keep hospitals safe, some CISOs have had to diversify their usual security training to keep hospital staff up to speed on the latest cyber-threats.

Broomfield, Colo.-based SCL Health has recently reimagined its cyber-awareness program. It is focusing on more robust training with new benchmarks and reporting metrics. The hospital is working toward being more transparent with its training metrics and is rewarding employees who show good security practices with prizes from the hospital store.

Newport, Vt.-based North Country Hospital's staff is utilizing the FBI's free cybersecurity training for hospital employees. Getting cybersecurity information directly from the FBI may help staff be more receptive to security initiatives.

Copyright © 2024 Becker's Healthcare. All Rights Reserved.