www.malwarebytes.com
Open in
urlscan Pro
192.0.66.233
Public Scan
URL:
https://www.malwarebytes.com/blog/ransomware/2024/03/ransomwares-appetite-for-us-healthcare-sees-known-attacks-double-in-a-year
Submission: On March 18 via api from TR — Scanned from DE
Submission: On March 18 via api from TR — Scanned from DE
Form analysis 4 forms found in the DOM
GET https://www.malwarebytes.com/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Type to search..." value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>GET https://www.malwarebytes.com/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Type to search..." value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>GET https://www.malwarebytes.com/blog/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/blog/">
<div class="labs-sub-nav__searchbar-wrap">
<input class="labs-sub-nav__search-input" type="text" name="s" placeholder="Search Labs">
<button class="labs-sub-nav__search-button" id="cta-labs-rightrail-search-submit-en" aria-label="Search in Malwarebytes">
<svg xmlns="http://www.w3.org/2000/svg" width="35px" height="35px" viewBox="0 0 24 24" fill="none">
<g clip-path="url(#clip0_15_152)">
<rect width="24" height="24" fill="none"></rect>
<circle cx="10.5" cy="10.5" r="6.5" stroke="#0d3ecc" stroke-linejoin="round"></circle>
<path d="M19.6464 20.3536C19.8417 20.5488 20.1583 20.5488 20.3536 20.3536C20.5488 20.1583 20.5488 19.8417 20.3536 19.6464L19.6464 20.3536ZM20.3536 19.6464L15.3536 14.6464L14.6464 15.3536L19.6464 20.3536L20.3536 19.6464Z" fill="#0d3ecc">
</path>
</g>
<defs>
<clipPath id="clip0_15_152">
<rect width="24" height="24" fill="#0d3ecc"></rect>
</clipPath>
</defs>
</svg>
</button>
</div>
</form>https://www.malwarebytes.com/newsletter/
<form action="https://www.malwarebytes.com/newsletter/" class="newsletter-form">
<div class="newsletter-form__inline">
<label>Email Address</label>
<input type="email" name="email" id="cta-footer-newsletter-input-email-en" placeholder="Email Address" required="" class="newsletter-form__email">
<input type="hidden" class="newsletter-form__pageurl" value="https://www.malwarebytes.com/blog/ransomware/2024/03/ransomwares-appetite-for-us-healthcare-sees-known-attacks-double-in-a-year">
<input name="source" type="hidden" value="">
<input type="submit" value="Sign Up" class="newsletter-form__btn" id="cta-footer-newsletter-subscribe-email-en">
</div>
<div class="newsletter-form__validate hidden">
<span></span>
</div>
</form>Text Content
Skip to content
Search
Search Malwarebytes.com
Search for:
* Contact Us
* Personal Support
* Business Support
* Get a Quote
* Contact Press
* Partner Programs
* Submit Vulnerability
* Company
* About Malwarebytes
* Careers
* News & Press
* Sign In
* MyAccount sign in: manage your personal or Teams subscription >
* Cloud Console sign in: manage your cloud business products >
* Partner Portal sign in: management for Resellers and MSPs >
* Personal
< Personal
Products
* Malwarebytes Premium >
* Malwarebytes Privacy VPN >
* Malwarebytes Identity Theft Protection >
* Malwarebytes Browser Guard >
* Malwarebytes for Teams/small offices >
* AdwCleaner for Windows >
--------------------------------------------------------------------------------
Find the right product
See our plans
Infected already?
Clean your device now
Solutions
* Free antivirus >
* Free virus scan & removal >
* Windows antivirus >
* Mac antivirus >
* Android antivirus >
* iOS security >
* Chromebook antivirus >
* Digital Footprint Scan >
See personal pricing
Manage your subscription
Visit our support page
* Business
< Business
BUNDLES
* ThreatDown Bundles
* Protect your endpoints with powerfully simple and cost-effective bundles
* Education Bundles
* Secure your students and institution against cyberattacks
TECHNOLOGY HIGHLIGHTS
* Managed Detection & Response (MDR)
* Deploy fully-managed threat monitoring, investigation, and remediation
* Endpoint Detection & Response (EDR)
* Prevent more attacks with security that catches what others miss
* Explore our portfolio >
Visualize and optimize your security posture in just minutes.
Learn more about Security Advisor (available in every bundle). >
* Pricing
< Pricing
Personal pricing
Protect your personal devices and data
Small office/home office pricing
Protect your team’s devices and data
Business pricing (5+ employees)
Step up your corporate endpoint security. Save up to 45%
* Partners
< Partners
Explore Partnerships
Partner Solutions
* Resellers
* Managed Service Providers
* Computer Repair
* Technology Partners
* Affiliate Partners
Contact Us
* Resources
< Resources
Learn About Cybersecurity
* Antivirus
* Malware
* Ransomware
Malwarebytes Labs – Blog
* Glossary
* Threat Center
Business Resources
* Reviews
* Analyst Reports
* Case Studies
Press & News
Reports
The State of Malware 2023 Report
Read report
* Support
< Support
Technical Support
* Personal Support
* Business Support
* Premium Services
* Forums
* Vulnerability Disclosure
* Report a False Positive
Featured Content
* Activate Malwarebytes Privacy on Windows device.
See Content
Product Videos
Free Download
* Contact Us
* < Contact Us
* Personal Support
* Business Support
* Get a Quote
* Contact Press
* Partner Programs
* Submit Vulnerability
* Company
* < Company
* About Malwarebytes
* Careers
* News & Press
* Sign In
* < Sign In
* MyAccount sign in: manage your personal or Teams subscription >
* Cloud Console sign in: manage your cloud business products >
* Partner Portal sign in: management for Resellers and MSPs >
Search Search
Search Malwarebytes.com
Search for:
SUBSCRIBE rss
Ransomware
RANSOMWARE’S APPETITE FOR US HEALTHCARE SEES KNOWN ATTACKS DOUBLE IN A YEAR
Posted: March 15, 2024 by Mark Stockley
Following the February 21 attack on Change Healthcare, scores of people in the
US have been living with the brutal, real-world effects of ransomware.
Described by the American Hospital Association (AHA) President and CEO Rick
Pollack as “the most significant and consequential incident of its kind against
the US health care system in history,” the attack has stopped billions of
dollars in payments flowing between doctors, hospitals, pharmacies and insurers.
It has also created skyrocketing pharmacy bills, pushed some healthcare
providers to the edge of insolvency, and led some small practices offering
chemotherapy to warn that they are just weeks from turning patients away.
There are thousands of “big game” ransomware attacks like this every year—large
scale cyberattacks that can bring entire organisations to a halt. They are
always damaging and they always cause pain, but when they hit the healthcare
system, the consequences—particularly the risk to life—are often more
immediately obvious and shocking.
From time to time individual ransomware gangs will grandstand and say they don’t
or won’t hit hospitals, but the truth is that healthcare has always been a major
target.
Only three weeks ago, the Cybersecurity and Infrastructure Security Agency
(CISA) issued a warning that ALPHV, the ransomware group behind the attack on
Change Healthcare, was singling out targets in that sector, saying that “since
mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has
been the most commonly victimized.”
ALPHV is just one gang among many targeting the sector. In the last 12 months,
known ransomware attacks on US targets have increased an enormous 101%
year-on-year, but attacks on healthcare have outpaced even that, increasing
137%.
70% of all known attacks on healthcare happen in the US.
This relentless assault has made healthcare the second most attacked sector in
the US, where it accounts for 9% of known attacks. In the same period,
healthcare accounted for just 3% of known attacks in the rest of the world.
The stark difference between the US and everywhere else may reflect the enormous
size of the US healthcare market, or it could be the result of deliberate
targeting.
Screenshot Screenshot
Given its unmatched global footprint, it’s no suprise that LockBit was
responsible for more attacks on US healthcare than any other ransomware group in
the last year. LockBit is the most widely used ransomware in the world, and tops
the list of most active groups across a wide variety of different countries and
industry sectors. What is most striking about attacks on US healthcare though is
the number of different gangs involved.
In the last year, 36 different ransomware groups are known to have attacked US
healthcare targets, and, unusually, the combined contribution of gangs making
just a few attacks each vastly outweighs the efforts of big gangs like LockBit
and ALPHV.
It’s easy to see why so many ransomare gangs might be drawn to the sector: US
healthcare companies are custodians of people’s most private data, guardians of
their health, and part of a marketplace worth trillions of dollars. In other
words, healthcare isn’t just another industry sector, either for the people who
use it, or the people who prey on it. It is a special case, and there is an
argument for saying that attacks on organisations like Change Healthcare should
be treated like an attack on critical infrastructure.
The last attack on US critical infrastructure, against Colonial Pipeline in
2021, was met with an immediate and ferocious response. Within a month, the FBI
had recovered the vast majority of the ransom. The gang behind it, DarkSide,
lost control of its infrastructure to US law enforcement (and possibly US
military) before going dark, and was quickly hounded out of existence by the FBI
after it attempted to remerge and rebrand as BlackMatter.
Knowing that, perhaps it’s not a surprise that the attack on Change Healthcare
was one of the ALPHV gang’s last acts before it disappeared in a sloppily
exectuted exit scam.
HOW TO AVOID RANSOMWARE
* Block common forms of entry. Create a plan for patching vulnerabilities in
internet-facing systems quickly; and disable or harden remote access like RDP
and VPNs.
* Prevent intrusions. Stop threats early before they can even infiltrate or
infect your endpoints. Use endpoint security software that can prevent
exploits and malware used to deliver ransomware.
* Detect intrusions. Make it harder for intruders to operate inside your
organization by segmenting networks and assigning access rights prudently.
Use EDR or MDR to detect unusual activity before an attack occurs.
* Stop malicious encryption. Deploy Endpoint Detection and Response software
like ThreatDown EDR that uses multiple different detection techniques to
identify ransomware, and ransomware rollback to restore damaged system files.
* Create offsite, offline backups. Keep backups offsite and offline, beyond the
reach of attackers. Test them regularly to make sure you can restore
essential business functions swiftly.
* Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the
first attack, you must remove every trace of the attackers, their malware,
their tools, and their methods of entry, to avoid being attacked again.
--------------------------------------------------------------------------------
Our business solutions remove all remnants of ransomware and prevent you from
getting reinfected. Want to learn more about how we can help protect your
business? Get a free trial below.
TRY NOW
SHARE THIS ARTICLE
RELATED ARTICLES
News
MALWAREBYTES PREMIUM BLOCKS 100% OF MALWARE DURING EXTERNAL AVLAB TEST
March 13, 2024 - Malwarebytes Premium for Windows detected and blocked 100% of
the malware samples used in AVLab's January evaluation.
CONTINUE READING 0 Comments
Exploits and vulnerabilities | News
MICROSOFT PATCH TUESDAY MARCH 2024 INCLUDES CRITICAL HYPER-V FLAWS
March 13, 2024 - Microsoft patched 61 vulnerabilities in the March 2024 Patch
Tuesday round, including two critical flaws in Hyper-V.
CONTINUE READING 0 Comments
News | Personal | Privacy
NEW FACEBOOK PHOTO RULE HOAX SPREADS
March 13, 2024 - A hoax telling people to copy and paste a copyright notice on
Facebook has been making the rounds since 2012. Can we make it go away? Please!
CONTINUE READING 1 Comment
Ransomware | Threat Intelligence
RANSOMWARE REVIEW: MARCH 2024
March 12, 2024 - February 2024 is likely to be remembered as one of the most
turbulent months in ransomware history.
CONTINUE READING 0 Comments
News | Personal
DATA BROKERS ADMIT THEY’RE SELLING INFORMATION ON PRECISE LOCATION, KIDS, AND
REPRODUCTIVE HEALTHCARE
March 11, 2024 - Information newly made available under California law has shed
light on data broker practices, including exactly what categories of information
they trade in.
CONTINUE READING 0 Comments
ABOUT THE AUTHOR
Mark Stockley
Contributors
Threat Center
Podcast
Glossary
Scams
Cyberprotection for every one.
FOR PERSONAL
* Windows Antivirus
* Mac Antivirus
* Android Antivirus
* Free Antivirus
* VPN App (All Devices)
* Malwarebytes for iOS
* SEE ALL
COMPANY
* About Us
* Contact Us
* Careers
* News and Press
* Blog
* Scholarship
* Forums
FOR BUSINESS
* Small Businesses
* Mid-size business
* Larger Enterprise
* Endpoint Protection
* Endpoint Detection & Response
* Managed Detection and Response (MDR)
FOR PARTNERS
* Managed Service Provider (MSP) Program
* Resellers
MY ACCOUNT
Sign In
SOLUTIONS
* Digital Footprint Scan
* Rootkit Scanner
* Trojan Scanner
* Virus Scanner
* Spyware Scanner
* Password Generator
* Anti Ransomware Protection
ADDRESS
One Albert Quay
2nd Floor
Cork T12 X8N6
Ireland
3979 Freedom Circle
12th Floor
Santa Clara, CA 95054
LEARN
* Malware
* Hacking
* Phishing
* Ransomware
* Computer Virus
* Antivirus
* What is VPN?
* Twitter
* Facebook
* LinkedIn
* Youtube
* Instagram
CYBERSECURITY INFO YOU CAN’T LIVE WITHOUT
Want to stay informed on the latest news in cybersecurity? Sign up for our
newsletter and learn how to protect your computer from threats.
Email Address
English
* Legal
* Privacy
* Accessibility
* Vulnerability Disclosure
* Terms of Service
© 2024 All Rights Reserved
Select your language
* English
* Deutsch
* Español
* Français
* Italiano
* Português (Portugal)
* Português (Brasil)
* Nederlands
* Polski
* Pусский
* 日本語
* Svenska
This site uses cookies in order to enhance site navigation, analyze site usage
and marketing efforts. Please see our privacy policy for more information.
Privacy Policy
Cookies Settings Decline All Accept All Cookies
PRIVACY PREFERENCE CENTER
When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
Privacy Policy
Allow All
MANAGE CONSENT PREFERENCES
STRICTLY NECESSARY
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to
block or alert you about these cookies, but some parts of the site will not then
work. These cookies do not store any personally identifiable information.
Cookies Details
PERFORMANCE AND FUNCTIONALITY
Performance and Functionality
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then
some or all of these services may not function properly.
Cookies Details
ANALYTICS
Analytics
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
Cookies Details
ADVERTISING
Advertising
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
Cookies Details
Back Button
COOKIE LIST
Search Icon
Filter Icon
Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Decline All Confirm My Choices