Ransomware attacks surged after Change Healthcare hack
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Tiffany Herring/Axios
Ransomware attacks against health care organizations surged following the hack of Change Healthcare that crippled much of the U.S. health care system, according to cybersecurity firm Recorded Future.
Why it matters: The uptick, first reported by Wired, suggests that the $22 million Change's parent, UnitedHealth Group, paid out to hackers to unlock its systems may have emboldened bad actors to further target the vulnerable industry.
- "Ransomware attacks against health care providers get attention, they are widely reported compared to other types of ransomware attacks," Recorded Future analyst Allan Liska told Axios.
- "Even if a ransomware actor does not receive a ransom, they gain notoriety," he said.
What they found: There were 44 attacks against the health care sector in April, the most that Recorded Future has seen in the four years it's been collecting data.
- It was also the second-largest month-over-month jump, after 30 ransomware attacks were recorded in March. There were 32 attacks in February and May.
- The attack on Change, the largest processor of medical claims, was reported in late February, and the implications of the attack grew clearer in the following weeks as many health care providers struggled to get paid.
The big picture: Hackers often view hospitals and clinics as particularly lucrative targets because the facilities hold lots of sensitive data, and they tend to pay up to keep critical services running.
- Health care organizations reported the most ransomware attacks among critical U.S. industries last year, according to the Internet Crime Complaint Center, or IC3.
- Earlier this week, the White House announced it is working with Microsoft and Google to help typically under-resourced rural hospitals defend against cyberattacks.
