This sector is the most targeted by cyber criminals

The healthcare industry continued to be the most targeted sector by cyber criminals in 2018, accounting for 41% of attacks, according to the Beazley 2019 Breach Briefing, released Tuesday.

“Healthcare records are more valuable to attackers and sell for significantly higher than financial data on the dark web,” explained Lauren Winchester, privacy breach response services manager with specialist insurer Beazley. “Stolen healthcare information can be used to file false claims with insurance carriers or create false IDs to purchase drugs. And unlike credit card numbers, which are cancelled relatively quickly once identified as compromised, healthcare information can be used for nefarious purposes over longer periods of time,” she told Canadian Underwriter Friday.

The healthcare sector accounted for 41% of attacks, while financial institutions came in at about 20%, based on the over 3,300 data incidents reported to Beazley in 2018.

Wouldn’t cyber criminals be able to make more money by hacking into financial data?

While Beazley’s data shows that healthcare organizations are targeted more frequently than financial institutions overall, when drilled down by specific type of attack – business email compromise (BEC) – financial institutions are targeted more frequently (27% financial institutions versus 22% healthcare entities). “One of the most lucrative ways to leverage a compromised email account is to request a fraudulent wire transfer or attempt to redirect funds, any by targeting a financial institution, the attacker is more likely to compromise someone with the ability to send or receive funds,” Winchester noted.

BEC refer to social engineering attacks where cyber criminals use compromised email credentials or spoof a legitimate email address to trick an employee into making an electronic payment to a bank account controlled by the cyber criminal or, in some cases, to transfer sensitive data. The number of BEC incidents increased 133% from 2017 to 2018, according to Beazley.

For financial institutions (and most industries), hack or malware was the leading cause of loss (59%) last year. Overall, almost half (47%) of all incidents investigated by Beazley Breach Response (BBR) Services were the result of hack or malware. Of these, approximately half (24%) were BEC.

“[BEC], ransomware attacks and banking Trojans were key trends in 2018 and are continuing to evolve in 2019,” said the Beazley 2019 Breach Briefing. “These attacks do not discriminate in targeting businesses; all industry verticals and organizations of all sizes are falling victim to these crimes.”

Ransomware accounted for 9% of the total incidents in 2018 (12% for financial institutions), with an average ransomware demand and/or payment in 2018 of more than US$116,000. But this number was skewed by some very large demands, Beazley noted, pointing out that the median demand was US$10,310.  The highest demand received by a Beazley client was for US$8.5 million, or 3,000 bitcoin. The highest ransom the insurer paid was US$935,000.

Even though ransomware accounted for only 9% of incidents last year, in raw numbers, the insurer received over 300 ransomware notifications. “So while ransomware was not as prevalent as business email compromise, we rarely saw a ransomware-free day last year,” Winchester said.

The main trend Beazley observed with ransomware (other than the noted increase year-over-year) is that attackers are also launching banking Trojans prior to the ransomware. Banking Trojans present a serious threat to organizations because they can steal credentials, deploy other malware, and are incredibly hard to eradicate from the network without the help of a forensic firm, Winchester said. “What this means is that while historically many ransomware attacks did not result in a legally notifiable ‘data breach,’ the presence of a banking Trojan may also mean attackers have compromised and even stolen sensitive personal information.”