Ransomware operators have long employed a double extortion tactic where they first exfiltrate sensitive data before encrypting systems, leveraging the data to compel a ransom payment and often demanding a second payment for the data itself.
This tactic is even more insidious when the stolen data is highly sensitive personally identifiable health information, and the exposure of this data is driving a new wave of lawsuits. There have been nearly a dozen lawsuits filed in the last year that include both individual and class-action cases.
“No longer satisfied with targeting hospitals and clinics alone, cyber criminals are directly targeting patients, demanding payments as modest as $50 to prevent the publication of intimate photos and sale of other sensitive medical records on the dark web... [now] Healthcare providers are accused of failing to safeguard their patients’ most sensitive data and inadequately addressing the aftermath of security breaches,” Bloomberg Law reports.
“It may be that smaller companies with very sensitive data become a new focus of hackers’ efforts. Those companies will have to think about how they are going to respond to a new risk or a higher risk than they had previously faced, when they may have fewer resources.”
Takeaway: A recent study revealed that ransomware attacks against the healthcare sector have bled the US economy of tens of billions of dollars over the past seven years, with 539 attacks reported impacting nearly 10,000 healthcare facilities and over 52 million patient records compromised.
Ransomware attacks against healthcare providers pose a significant threat to human life, and it’s only a matter of time before we may see these attacks end catastrophically.
We should feel very fortunate that there have not been more tragic outcomes attributed to disruptions to care caused by the relentless onslaught of ransomware attacks against the healthcare sector.
Ransomware operators continue to victimize healthcare providers because the sector typically lacks the appropriate budgets and staff to maintain a reasonable security posture.
Criminal ransomware groups know that the impact of an attack against healthcare organizations does not just disrupt everyday business, it directly affects the lives of their patients.
For example, last year the BlackCat/ALPHV ransomware gang attempted to extort a Pennsylvania healthcare provider by publishing private, compromising clinical photographs of breast cancer patients.
More recently, ransomware operators were observed threatening patients whose data had been exposed with swatting, a harassment tactic that involves calling in bomb threats or other false reports to law enforcement to prompt an armed response to the victim's home.
Data extortion and ransomware groups continue to demonstrate time and time again that there is no line they will not cross to enrich themselves. Organizations are at risk of double extortion if they cannot detect the earliest stages of ingress, lateral movement on the network, credential theft, privilege escalation and data exfiltration.
The problem is that most organizations are unaware they are the victim of a ransomware attack until the encryption payload and ransom note are delivered, which happens at the tail end of the larger ransomware operation.
EPP/EDR/XDR tools do not do a good job of catching ransomware attacks in progress, and they have a poor record of stopping ransomware attacks, which is why we are seeing so many new victims daily.
Organizations at risk should deploy a dedicated anti-ransomware solution alongside those endpoint security tools to ensure they have the best chance at disrupting an attack before data can be exfiltrated or systems encrypted.
Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.