www.malwarebytes.com
Open in
urlscan Pro
192.0.66.233
Public Scan
URL:
https://www.malwarebytes.com/blog/ransomware/2024/03/ransomwares-appetite-for-us-healthcare-sees-known-attacks-double-in-a-year
Submission: On March 18 via api from TR — Scanned from DE
Submission: On March 18 via api from TR — Scanned from DE
Form analysis
4 forms found in the DOMGET https://www.malwarebytes.com/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Type to search..." value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>
GET https://www.malwarebytes.com/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Type to search..." value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>
GET https://www.malwarebytes.com/blog/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/blog/">
<div class="labs-sub-nav__searchbar-wrap">
<input class="labs-sub-nav__search-input" type="text" name="s" placeholder="Search Labs">
<button class="labs-sub-nav__search-button" id="cta-labs-rightrail-search-submit-en" aria-label="Search in Malwarebytes">
<svg xmlns="http://www.w3.org/2000/svg" width="35px" height="35px" viewBox="0 0 24 24" fill="none">
<g clip-path="url(#clip0_15_152)">
<rect width="24" height="24" fill="none"></rect>
<circle cx="10.5" cy="10.5" r="6.5" stroke="#0d3ecc" stroke-linejoin="round"></circle>
<path d="M19.6464 20.3536C19.8417 20.5488 20.1583 20.5488 20.3536 20.3536C20.5488 20.1583 20.5488 19.8417 20.3536 19.6464L19.6464 20.3536ZM20.3536 19.6464L15.3536 14.6464L14.6464 15.3536L19.6464 20.3536L20.3536 19.6464Z" fill="#0d3ecc">
</path>
</g>
<defs>
<clipPath id="clip0_15_152">
<rect width="24" height="24" fill="#0d3ecc"></rect>
</clipPath>
</defs>
</svg>
</button>
</div>
</form>
https://www.malwarebytes.com/newsletter/
<form action="https://www.malwarebytes.com/newsletter/" class="newsletter-form">
<div class="newsletter-form__inline">
<label>Email Address</label>
<input type="email" name="email" id="cta-footer-newsletter-input-email-en" placeholder="Email Address" required="" class="newsletter-form__email">
<input type="hidden" class="newsletter-form__pageurl" value="https://www.malwarebytes.com/blog/ransomware/2024/03/ransomwares-appetite-for-us-healthcare-sees-known-attacks-double-in-a-year">
<input name="source" type="hidden" value="">
<input type="submit" value="Sign Up" class="newsletter-form__btn" id="cta-footer-newsletter-subscribe-email-en">
</div>
<div class="newsletter-form__validate hidden">
<span></span>
</div>
</form>
Text Content
Skip to content Search Search Malwarebytes.com Search for: * Contact Us * Personal Support * Business Support * Get a Quote * Contact Press * Partner Programs * Submit Vulnerability * Company * About Malwarebytes * Careers * News & Press * Sign In * MyAccount sign in: manage your personal or Teams subscription > * Cloud Console sign in: manage your cloud business products > * Partner Portal sign in: management for Resellers and MSPs > * Personal < Personal Products * Malwarebytes Premium > * Malwarebytes Privacy VPN > * Malwarebytes Identity Theft Protection > * Malwarebytes Browser Guard > * Malwarebytes for Teams/small offices > * AdwCleaner for Windows > -------------------------------------------------------------------------------- Find the right product See our plans Infected already? Clean your device now Solutions * Free antivirus > * Free virus scan & removal > * Windows antivirus > * Mac antivirus > * Android antivirus > * iOS security > * Chromebook antivirus > * Digital Footprint Scan > See personal pricing Manage your subscription Visit our support page * Business < Business BUNDLES * ThreatDown Bundles * Protect your endpoints with powerfully simple and cost-effective bundles * Education Bundles * Secure your students and institution against cyberattacks TECHNOLOGY HIGHLIGHTS * Managed Detection & Response (MDR) * Deploy fully-managed threat monitoring, investigation, and remediation * Endpoint Detection & Response (EDR) * Prevent more attacks with security that catches what others miss * Explore our portfolio > Visualize and optimize your security posture in just minutes. Learn more about Security Advisor (available in every bundle). > * Pricing < Pricing Personal pricing Protect your personal devices and data Small office/home office pricing Protect your team’s devices and data Business pricing (5+ employees) Step up your corporate endpoint security. Save up to 45% * Partners < Partners Explore Partnerships Partner Solutions * Resellers * Managed Service Providers * Computer Repair * Technology Partners * Affiliate Partners Contact Us * Resources < Resources Learn About Cybersecurity * Antivirus * Malware * Ransomware Malwarebytes Labs – Blog * Glossary * Threat Center Business Resources * Reviews * Analyst Reports * Case Studies Press & News Reports The State of Malware 2023 Report Read report * Support < Support Technical Support * Personal Support * Business Support * Premium Services * Forums * Vulnerability Disclosure * Report a False Positive Featured Content * Activate Malwarebytes Privacy on Windows device. See Content Product Videos Free Download * Contact Us * < Contact Us * Personal Support * Business Support * Get a Quote * Contact Press * Partner Programs * Submit Vulnerability * Company * < Company * About Malwarebytes * Careers * News & Press * Sign In * < Sign In * MyAccount sign in: manage your personal or Teams subscription > * Cloud Console sign in: manage your cloud business products > * Partner Portal sign in: management for Resellers and MSPs > Search Search Search Malwarebytes.com Search for: SUBSCRIBE rss Ransomware RANSOMWARE’S APPETITE FOR US HEALTHCARE SEES KNOWN ATTACKS DOUBLE IN A YEAR Posted: March 15, 2024 by Mark Stockley Following the February 21 attack on Change Healthcare, scores of people in the US have been living with the brutal, real-world effects of ransomware. Described by the American Hospital Association (AHA) President and CEO Rick Pollack as “the most significant and consequential incident of its kind against the US health care system in history,” the attack has stopped billions of dollars in payments flowing between doctors, hospitals, pharmacies and insurers. It has also created skyrocketing pharmacy bills, pushed some healthcare providers to the edge of insolvency, and led some small practices offering chemotherapy to warn that they are just weeks from turning patients away. There are thousands of “big game” ransomware attacks like this every year—large scale cyberattacks that can bring entire organisations to a halt. They are always damaging and they always cause pain, but when they hit the healthcare system, the consequences—particularly the risk to life—are often more immediately obvious and shocking. From time to time individual ransomware gangs will grandstand and say they don’t or won’t hit hospitals, but the truth is that healthcare has always been a major target. Only three weeks ago, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning that ALPHV, the ransomware group behind the attack on Change Healthcare, was singling out targets in that sector, saying that “since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized.” ALPHV is just one gang among many targeting the sector. In the last 12 months, known ransomware attacks on US targets have increased an enormous 101% year-on-year, but attacks on healthcare have outpaced even that, increasing 137%. 70% of all known attacks on healthcare happen in the US. This relentless assault has made healthcare the second most attacked sector in the US, where it accounts for 9% of known attacks. In the same period, healthcare accounted for just 3% of known attacks in the rest of the world. The stark difference between the US and everywhere else may reflect the enormous size of the US healthcare market, or it could be the result of deliberate targeting. Screenshot Screenshot Given its unmatched global footprint, it’s no suprise that LockBit was responsible for more attacks on US healthcare than any other ransomware group in the last year. LockBit is the most widely used ransomware in the world, and tops the list of most active groups across a wide variety of different countries and industry sectors. What is most striking about attacks on US healthcare though is the number of different gangs involved. In the last year, 36 different ransomware groups are known to have attacked US healthcare targets, and, unusually, the combined contribution of gangs making just a few attacks each vastly outweighs the efforts of big gangs like LockBit and ALPHV. It’s easy to see why so many ransomare gangs might be drawn to the sector: US healthcare companies are custodians of people’s most private data, guardians of their health, and part of a marketplace worth trillions of dollars. In other words, healthcare isn’t just another industry sector, either for the people who use it, or the people who prey on it. It is a special case, and there is an argument for saying that attacks on organisations like Change Healthcare should be treated like an attack on critical infrastructure. The last attack on US critical infrastructure, against Colonial Pipeline in 2021, was met with an immediate and ferocious response. Within a month, the FBI had recovered the vast majority of the ransom. The gang behind it, DarkSide, lost control of its infrastructure to US law enforcement (and possibly US military) before going dark, and was quickly hounded out of existence by the FBI after it attempted to remerge and rebrand as BlackMatter. Knowing that, perhaps it’s not a surprise that the attack on Change Healthcare was one of the ALPHV gang’s last acts before it disappeared in a sloppily exectuted exit scam. HOW TO AVOID RANSOMWARE * Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs. * Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware. * Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs. * Stop malicious encryption. Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files. * Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly. * Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again. -------------------------------------------------------------------------------- Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below. TRY NOW SHARE THIS ARTICLE RELATED ARTICLES News MALWAREBYTES PREMIUM BLOCKS 100% OF MALWARE DURING EXTERNAL AVLAB TEST March 13, 2024 - Malwarebytes Premium for Windows detected and blocked 100% of the malware samples used in AVLab's January evaluation. CONTINUE READING 0 Comments Exploits and vulnerabilities | News MICROSOFT PATCH TUESDAY MARCH 2024 INCLUDES CRITICAL HYPER-V FLAWS March 13, 2024 - Microsoft patched 61 vulnerabilities in the March 2024 Patch Tuesday round, including two critical flaws in Hyper-V. CONTINUE READING 0 Comments News | Personal | Privacy NEW FACEBOOK PHOTO RULE HOAX SPREADS March 13, 2024 - A hoax telling people to copy and paste a copyright notice on Facebook has been making the rounds since 2012. Can we make it go away? Please! CONTINUE READING 1 Comment Ransomware | Threat Intelligence RANSOMWARE REVIEW: MARCH 2024 March 12, 2024 - February 2024 is likely to be remembered as one of the most turbulent months in ransomware history. CONTINUE READING 0 Comments News | Personal DATA BROKERS ADMIT THEY’RE SELLING INFORMATION ON PRECISE LOCATION, KIDS, AND REPRODUCTIVE HEALTHCARE March 11, 2024 - Information newly made available under California law has shed light on data broker practices, including exactly what categories of information they trade in. CONTINUE READING 0 Comments ABOUT THE AUTHOR Mark Stockley Contributors Threat Center Podcast Glossary Scams Cyberprotection for every one. FOR PERSONAL * Windows Antivirus * Mac Antivirus * Android Antivirus * Free Antivirus * VPN App (All Devices) * Malwarebytes for iOS * SEE ALL COMPANY * About Us * Contact Us * Careers * News and Press * Blog * Scholarship * Forums FOR BUSINESS * Small Businesses * Mid-size business * Larger Enterprise * Endpoint Protection * Endpoint Detection & Response * Managed Detection and Response (MDR) FOR PARTNERS * Managed Service Provider (MSP) Program * Resellers MY ACCOUNT Sign In SOLUTIONS * Digital Footprint Scan * Rootkit Scanner * Trojan Scanner * Virus Scanner * Spyware Scanner * Password Generator * Anti Ransomware Protection ADDRESS One Albert Quay 2nd Floor Cork T12 X8N6 Ireland 3979 Freedom Circle 12th Floor Santa Clara, CA 95054 LEARN * Malware * Hacking * Phishing * Ransomware * Computer Virus * Antivirus * What is VPN? * Twitter * Facebook * LinkedIn * Youtube * Instagram CYBERSECURITY INFO YOU CAN’T LIVE WITHOUT Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats. Email Address English * Legal * Privacy * Accessibility * Vulnerability Disclosure * Terms of Service © 2024 All Rights Reserved Select your language * English * Deutsch * Español * Français * Italiano * Português (Portugal) * Português (Brasil) * Nederlands * Polski * Pусский * 日本語 * Svenska This site uses cookies in order to enhance site navigation, analyze site usage and marketing efforts. Please see our privacy policy for more information. Privacy Policy Cookies Settings Decline All Accept All Cookies PRIVACY PREFERENCE CENTER When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. Privacy Policy Allow All MANAGE CONSENT PREFERENCES STRICTLY NECESSARY Always Active These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. Cookies Details PERFORMANCE AND FUNCTIONALITY Performance and Functionality These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. Cookies Details ANALYTICS Analytics These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. Cookies Details ADVERTISING Advertising These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. Cookies Details Back Button COOKIE LIST Search Icon Filter Icon Clear checkbox label label Apply Cancel Consent Leg.Interest checkbox label label checkbox label label checkbox label label Decline All Confirm My Choices