Medical IoT increasingly targeted as ransomware attacks against healthcare rise 89% YoY

2017 was a year that battered the U.S. healthcare industry, from a cybersecurity standpoint. And 2018 will bring a surge in targeted attacks as cybercriminals diversify their strikes against a broader mix of healthcare entities, according to new research. Internet of Things (IoT) devices in healthcare are also a new expanding opportunity for cyberattackers.

More data records were lost or stolen in the first half of 2017 than in all of 2016. And, according to a 2017 Health Care Cyber Research Report, healthcare breaches involving ransomware increased 89% year-over-year.

End-of-year research indicates 2017 saw 140 data breach events characterized as IT/Hacking, representing an almost 24% increase over the 113 such events in 2016.

2017 – year of ransomware

A quarter of all IT hacking events reported to Health and Human Services Office of Civil Rights (HHS/OCR) were ransomware. And six of the largest IT/Hacking healthcare events reported in 2017 were attributed to ransomware, according to the report. So why are hackers so “fond” of healthcare providers?

Researchers believe this is the beginning of a trend that will grow to unprecedented proportions in the next two years: attackers are increasingly turning their attention to the broader mix of health care entities.

“The emergence and refinement of advanced ransomware tools lowers both the cost and the time for cyberattackers to target smaller healthcare institutions – now they can cost effectively reach physician practices, surgical centers, diagnostic laboratories, MRI/CT scan centers and many other smaller yet critical healthcare institutions,” reads the report.

Medical IoT a high-vulnerability area

The data also suggests healthcare IoT represents a growing opportunity for cyberattackers.

“While 2017 was the year of ransomware, we are anticipating this already hard hit sector will feel the wrath of cyber criminals targeting the hundreds of thousands of IoT devices already deployed in healthcare,” said Michael Simon, President & CEO of Cryptonite. “Internet of Things (IoT) devices are now ubiquitous in health care – they are already present in intensive care facilities, operating rooms and patient care networks.”

Medical IoT devices have become high-vulnerability areas within healthcare networks, as shown by a slew of recent studies. The responsibility to secure these devices is shouldered by vendors and healthcare providers alike.

However, as the past two years have shown, both camps need to increase their focus on cybersecurity to avoid losses, or even hefty fines.