Ransomware — malicious software that, once it has gained access to a digital network, can encrypt information and threaten deletion or worse if cash is not paid — is increasingly targeted at the health care industry, concludes a recent analysis from IBM's Security X-Force consultancy.
Big Blue's write-up, which is based on its own consulting work with affected companies, found that 28% of attacks on health care in 2020 were ransomware, making the industry the seventh most attacked, up from tenth place in 2019.
And the attacks are getting nastier.
As noted in a report from the Office of Information Security at the U.S. Health and Human Services, "double extortion" ransomware attacks exploded in 2020. While there was just one ransomware platform offering this dismal two-for-one in 2019, others quickly copied the approach. Now 18 different types of ransomware use double extortion.
The ominous term refers to an attempt to make it more difficult for hacked companies to refuse to pay ransoms and simply restore their systems from backups made before ransomware took hold.
Hacker gangs, usually operating from overseas locations, have countered by downloading sensitive data from the networks they penetrate before making ransom demands.
Now those demands carry a double threat: pay up or risk losing the encrypted data, and pay up or risk having customers' private information leaked on websites that the gangs operate.
One such double-extortion ransomware type, called Ryuk, was widely reported to have been the culprit in the UHS attack, though the company has never formally disclosed the digital pathogen involved.
It remains unclear exactly which type of ransomware is involved at Scripps.
The region's second-largest health care system, with four hospital campuses and a vast network of clinics, outpatient surgical centers and other assets, said on Thursday that "malware" was detected on its systems. An internal memo obtained by the Union-Tribune Sunday clearly implicated ransomware but did not list the type. On Tuesday, the California Department of Public Health confirmed in an email that ransomware is involved.