Ransomware attacks continued as a significant threat to healthcare organizations in 2022 though the true scale of it remains an enigma. Victims of ransomware attacks do not always report the incidents as involving ransomware, and ransomware gangs do not publicly disclose attacks when ransoms are paid. And as in other sectors some ransomware gangs choose to conduct extortion-only attacks, where sensitive data is exfiltrated from networks and a ransom demand is issued to prevent its publication or sale, but malware is not used to encrypt files. The decision whether or not to encrypt appears to be taken on an attack-by-attack basis.
By and large, the tantalizing target on healthcare’s back has been attributable to outdated IT systems, fewer cybersecurity protocols and IT staff, valuable data, and the pressing need for medical practices and hospitals to pay ransoms quickly to regain data.
And 2021 stats from a US Cyber company (Herjavec Group) make for stark reading
Simply put this is a malicious attack against a network where the criminals get access to data and either steal it, threaten to delete it, or encrypt it. The criminals will then demand a payment for the return of the data. Imagine how this could affect your business – sensitive financial data relating to your customers, suppliers or even your own company, commercially sensitive data relating to staff, the operating of your business or contacts with others - these could all be compromised or lost.
The reality is that ransomware is now viewed as a business model and many entities behind these attacks will present themselves as being on the same side as the victim. So, in return for the payment your business will often be supported through a process which will return the data that has been encrypted / stolen. It is worthy of note that paying the ransom does not guarantee the return of the data and certainly does not guarantee that it won’t be sold on or published at some point in the future. Also, your network will still be infected, and you are more likely to be targeted again in the future.
The paying of the ransom has moral and ethical undertones that may not be immediately apparent when you are faced with such an attack. Consider the fact that you may be financially supporting terrorists or criminals by paying the ransom.
Ransomware is always preceded by an attack on the network itself, commonly through use of stolen credentials, a phishing e-mail or brute force attack. These attacks are increasing in complexity and sophistication meaning that defence against these dark arts needs continual review. But the key points for protection to remember are
The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation. But all is not lost.
Here at the centre, we would recommend that you consider
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).
Click to Open Code Editor