por
Thomas Dworetzky, Contributing Reporter | February 01, 2017
Bad as ransomware attacks were in 2016, health care IT professionals had better brace themselves – experts say 2017 could well be worse.
"The threat from ransomware is not only growing, but evolving to allow hackers to target vulnerable organizations and their most valuable data files, and adjust ransom demands accordingly,” Katherine Keefe, global head of Beazley BBR Services, said in a statement, adding that “the sustained increase in these threats in 2016 indicates that even more organizations will be attacked in 2017 and need to have incident response plans in place before they get a ransomware demand.”
The recent report by the data-breach-response insurance provider noted that “evolving ransomware variants enable hackers to methodically investigate a company's system, selectively lock the most critical files, and demand higher ransoms to get the most valuable files unencrypted.”
Beazley's BBR Services division handled 1,943 data breaches for clients in 2016, up from 1,247 breaches in 2015.
The key takeaways from the report included:
Ransomware is on the rise
Attacks were over four times higher in 2016 than in 2015. The growing sophistication of these incursions suggests that 2017 could see double the number from the year earlier.
Unintended disclosure is a real problem
Confidential information is profitable for criminals – and none is worth more than health data. This makes “formerly minor mistakes much more dangerous,” advised the company. “Unintended disclosure,” usually via email or fax to the wrong recipient, accounted for about 32 percent of 2016 breaches, up from 24 percent in 2015.
Health care information mix-ups behind many attacks, but hacking defense improving
There is some good news and bad news in recent trends. While faxes and emails gone awry, or the mistaken release of discharge papers, were responsible for 40 percent of 2016 breaches in the industry, a rise from 2015's 30 percent, hacks and malware led to just 19 percent of hacks in 2016, off from 27 percent in 2015.
Health care data is very desirable to criminals
A report on
2016 data breaches by the Identity Theft Resource Center (ITRC) and CyberScout noted that, “the business sector again topped the list in the number of data breach incidents, with 494 reported, representing 45.2 percent of the overall number of breaches. This was followed by the health care/medical industry (377 incidents), representing 34.5 percent of the overall total.”