Man in suit holds tablet

Ransomware is on the rise and healthcare is suffering

The 2018 Data Breach Investigation Report (DBIR) by Verizon has revealed that ransomware is a growing problem. In the 2014 DBIR report, ransomware ranked 22nd on the list of most common malware threats in data breach cases; in 2016, it jumped up to the fifth; and now, ransomware tops the list, accounting for 39% of all malware-related data breaches across all industries in 2017.

Email proved to be the main point of entry for the majority of ransomware attacks, with most carrying a phishing or financial pretexting scam. Worse still, Verizon’s dataset shows that ransomware attackers are targeting more systems and networks, as opposed to just desktops and devices. This is paving the way for much larger ransom demands making cybercriminals more profitable for less effort, with 87% of breaches taking “minutes or less” to achieve. And yet, more than two-thirds of breaches went undiscovered by affected organizations for months or longer following a breach.

The report states, “Cybercriminals don’t need much time to extract valuable data – they usually have much more than they need as it typically takes organizations weeks or months to discover a breach. In many cases, it’s not even the organization itself that spots the breach, it’s often a third party like law enforcement or a partner. Worst of all, many breaches are spotted by customers.”

Healthcare at high risk

Ransomware has been devastating for the healthcare industry in particular, accounting for 85% of all malware incidents in 2017.

However, while ransomware is a prevalent threat, the DBIR reveals another dark tale for healthcare, stating that it is the only sector to have had more internal culprits (56%) behind its data breaches than external ones (43%).

Internal threats are not always malicious. In fact, human error was the major contributor to cyber incidents in healthcare (32%) in 2017. However, employees were also shown to be abusing their access to sensitive data, with a perceived financial gain acting as the primary motivator.

“Access to a great deal of sensitive information is necessary for healthcare professionals to successfully carry out their duties,” the Verizon research team explained. “But along with that access comes the relatively easy ability to abuse it.”

Building stronger defenses

Each year, the DBIR highlights how cybercriminals are constantly developing new tactics to help them infiltrate company systems and the sensitive data they hold. But even more concerning is that many organizations are leaving themselves vulnerable to these attacks. Too many companies are shown to be falling at the first hurdle of basic security – failing to update their antivirus softwares or not training staff on how to spot the signs of an incident.

In the event of an attack, organizations need to ensure they are prepared to respond quickly and effectively. While it is impossible to guarantee a 100% reliable defense strategy, to help prevent themselves from becoming victims, Verizon recommends organizations take a number of proactive steps:

  1. Stay vigilant – log files and change management systems can give early warnings of a breach.
  2. Make people the first line of defense – train staff to spot the warning signs and know how to react.
  3. Keep data on a “need-to-know” basis – only employees that need access to systems to do their jobs should have it. Access should be revoked if their role changes.
  4. Patch promptly –  cybercriminals are still successfully exploiting known vulnerabilities. Many threats can be prevented, simply by keeping anti-virus software up to date.
  5. Encrypt sensitive data – encrypted data is rendered useless if it is stolen.
  6. Use two-factor authentication – this can limit the damage that can be done with lost or stolen credentials.
  7. Don’t forget physical security – not all data theft happens online; surveillance cameras and entry systems for restricted areas, for example, can help avoid criminals tampering with systems or stealing sensitive material.


To download the full Data Breach Investigations Report, visit: