Healthcare sector targeted by ransomware

According to Kroll, a risk consultancy, ransomware attacks targeting healthcare organizations have seen a spike during Q2 this year.

Although there has been a slowdown of attacks in the recent months, probably due to turmoil in cryptocurrency markets and some ransomware operations shutdowns (notably Conti), Kroll reports that healthcare overtook professional services as the top targeted sector in Q2, accounting for 21% of all Kroll cases, compared to only 11% in Q1 2022.

As healthcare providers usually store lots of sensitive patient data, ransomware operators sometimes use a double extortion tactic in which actors exfiltrate data prior to network encryption and then threaten to leak the stolen data as leverage during negotiations.

While Kroll continued to see actors exploiting vulnerabilities and phishing schemes to launch ransomware, in Q2 a ransomware incident was most likely to begin via external remote services. Kroll observed 700% increase in external remote services such as remote desktop protocol (RDP) and virtual private networks (VPN) being used for initial access.

Read more in the Kroll report.