Healthcare tops industries as most targeted for cyberattacks

Healthcare organizations are a top target for cyberattacks, more so than any other industry, according to the latest Beazley Breach Briefing.

In fact, 35% of attacks targeted healthcare, compared to 16% for financial institutions, 12% for education, 9% for professional services and 7% for retail.

The report comes at a time when ransomware attacks, which deny access to data and interrupt business operations, have skyrocketed, with ransomware attack notifications rising 131% in 2019 among Beazley Breach Response Services clients. In addition, the sums demanded by attackers to release control and access back to owners has increased.

Cyberattacks can come in several forms, but the two most popular are phishing email and poorly secured remote desktop protocol, in which attackers can gain access through basic tools as companies enable employees to access their work computer desktops or primary server remotely, according to the report.

“With the convenience of enabling employees to work from home, using RDP can make IT systems more susceptible to attack without the right security measures in place,” Katherine Keefe, Beazley’s global head of BBR Services, said in a statement. “The coronavirus has forced many more employees to work from home and in this pressured environment it is very important that companies take the right steps to reduce the vulnerability of their IT infrastructure.”

The increase in attacks from remote desktop protocol (RDP) is concerning at a time when the spread of the new coronavirus, COVID-19, is causing many workers to work remotely from home, potentially exposing themselves and their organizations to more attacks.

Healthcare organizations are also faced with the complex matter of health data when it comes to cyberattacks and ransomware attacks. For example, attackers who take control of data and deny access to the organization can demand a sum to keep the data private. If an organization fails to deliver the sum, the attackers would threaten to expose or leak the data. Attackers are interested in companies of all sizes, including small ones, according to the report.

See the full report here.