Newsroom

1-in-5 Americans Had a Healthcare Provider Impacted By a Cyberattack as Ransomware Targeting Hospitals Escalated During the Pandemic

Written by Morphisec Team | March 3, 2021

Morphisec’s third annual Consumer Healthcare Cybersecurity: Threat Index finds that 61% of consumers are more worried about ransomware shutting down care from their provider than a year ago.

BE’ER SHEVA, ISRAEL AND BOSTON -- MARCH 03, 2021 --

61% of consumers say they’re more worried today about ransomware taking their healthcare provider offline and being unable to provide them care than they were a year ago, according to the 2021 Consumer Healthcare Cybersecurity: Threat Index released today by Morphisec. In addition, for a second straight year, Morphisec found that more than 1-in-5 Americans had a healthcare provider impacted by a cyberattack over the last twelve months. The figure represents the rising cybersecurity threat on an industry left extremely vulnerable by COVID-19 and is increasingly attractive to ruthless cybercriminals looking for large and easy payouts.

As ransomware attacks on hospitals and healthcare organizations escalated throughout the last year, Morphisec’s third annual Consumer Healthcare Cybersecurity: Threat Index surveyed 1,000+ consumers across the United States in January 2021 to gauge how they perceive current cyber threats. With the entire healthcare industry navigating new consumer behaviors and significant revenue hits, 27% of consumers asserted that if their healthcare provider were victims of a cyberattack that breached their healthcare record, they would consider switching providers.

The gravity of the pandemic did little to dissuade cybercriminals from targeting healthcare providers with more sophisticated ransomware attacks. In fact, cybercriminals appeared to be emboldened with the opportunity to go after increasingly vulnerable and valuable healthcare organizations in their most dire moments. Attackers carried out these ransomware campaigns with targeted phishing and drive-by-download attacks designed to infiltrate employee endpoints and move laterally to exfiltrate data and then encrypt as many computers and servers as possible.

These threats to hospitals remain today both domestically and globally. In fact, days after the Dax-Côte d 'Argent Hospital Center in France was taken offline by Egregor ransomware last month, Morphisec published detailed findings on the techniques the criminal group uses to exploit vulnerabilities with employee VPN usage. With non-intensive care units continuing to work from home as telemedicine practices at least throughout the remainder of the pandemic, these attacks targeting hybrid and remote teams will continue.

Morphisec’s Consumer Healthcare Cybersecurity: Threat Index found that 57% of consumers believe their healthcare providers working remotely during the pandemic has increased the risk of their personal health information being compromised. Furthermore, 56% of patients have used telemedicine alternatives to in-person healthcare visits during the pandemic. Of those patients who say they have used telemedicine alternatives during the pandemic, over half stated they are more worried about the security of their personal health information in a telemedicine setting than within an in-person environment.

“As the healthcare industry has navigated this unprecedented health emergency, it has become clear that they’re also dealing with a cybersecurity emergency as the adversary is stepping up attacks against organizations with lean security teams,” said Andrew Homer, VP of Security Strategy at Morphisec. “From the largest hospital networks to rural community healthcare providers, hackers are targeting patient records that have an extended shelf-life on the dark web and taking advantage of providers' propensity to pay ransom to keep critical care online. Healthcare providers can no longer place their patients’ lives in the hands of the status quo ‘next-gen’ antivirus tools that are easily bypassed. Ultimately, they need to take a proactive approach to security with automatic self protection, that both blocks and locks down the attack before the breach unfolds."

  • Download the full Morphisec 2021 Consumer Healthcare Cybersecurity: Threat Index here.

About Morphisec

Morphisec delivers an entirely new level of innovation to endpoint protection to create a zero-trust execution environment for workstation, VDI and cloud workloads. This proactively creates a prevent-first posture against the most advanced threats to the enterprise, including APTs, file-based malware, zero-days, ransomware, fileless attacks, and web-borne exploits. This complete endpoint security solution easily deploys into a company’s existing security infrastructure to form a simple, highly effective, cost-efficient technology stack that is truly disruptive to today’s existing cybersecurity model.

Morphisec Media Contact:                           

Kyle Austin. BMV for Morphisec

kyle@beantownmv.com                                           

617-564-0446