The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Ransomware Appears to be in Decline, but Don’t Lower your Guard

While it is difficult to obtain accurate data on the number of ransomware attacks being conducted on healthcare organizations, the available data suggest there has been a decline in attacks across all industry sectors compared to the high number of attacks reported in 2021. Emsisoft recently reported that attacks are leveling off or declining in the industry sectors it tracks, and now a new survey appears to confirm that decline.

The survey was conducted by Censuswide on behalf of Delinea and polled 300 IT decision-makers across a broad range of industries in the United States. The responses suggest a roughly 60% decline in attacks between 2021 and 2022: in the 2021 survey, 64% of organizations said they had experienced a ransomware attack in the past 12 months, compared to 25% of organizations in 2022.

Ransomware attacks have been reported by both small and large healthcare organizations, and the Hive ransomware group is known to target smaller medical practices that provide telehealth services. Ransomware gangs nevertheless still appear to favor attacks on larger organizations: the Delinea survey found that 56% of the organizations that suffered a ransomware attack in the past 12 months had 100 or more employees.

In 2021, the Conti ransomware operation was the major ransomware player, but in 2022 the group was disbanded and its members moved to smaller ransomware operations. While those smaller groups are conducting many attacks, Delinea suggests the shutdown of this large ransomware operation may partly explain the decline. According to GuidePoint Security, attacks by the two main ransomware gangs – Conti and LockBit – fell by 53% last year, yet overall attacks decreased by only around 7%.


Another suggested reason for the decline is that security controls aimed at preventing ransomware are proving effective at thwarting attacks. It should also be noted that several ransomware gangs have started conducting extortion-only attacks, in which data are stolen and threats are issued to publish the data if the ransom is not paid, but no file encryption takes place. Although these attacks are conducted by ransomware gangs, victims may not classify them as ransomware attacks, and that could be reflected in the survey data.

In 2022, intercepted messages between members of the Hive ransomware gang suggested the group was having no trouble compromising organizations but was struggling to force its victims to pay. The Delinea survey confirmed that fewer organizations are paying: 68% of organizations said they paid the ransom following an attack in 2022, compared to 82% in 2021. The survey also confirmed some of the negative consequences of ransomware attacks. 56% of companies said they lost revenue as a result of a successful attack and 50% said they lost customers, although fewer organizations than last year reported reputational damage – 43% in 2022 compared to 51% in 2021.

Attitudes to ransomware attacks also appear to be changing. In 2021, 88% of organizations said they believed it should be illegal to pay a ransom to cybercriminals following a ransomware attack, but in 2022 that figure fell to 63%, with more surveyed companies believing they should have the choice about whether or not to pay for the keys to recover their data and prevent data exposure.

The reduction in attacks is certainly good news, but it does not mean that attacks will not increase again. It is therefore concerning that Delinea found investment in ransomware defenses is declining. In 2021, 93% of surveyed organizations said they had allocated funding to combat ransomware attacks; in 2022 that percentage fell to 68%. The survey also revealed that only about half of the surveyed organizations had implemented basic practices that reduce the risk of a ransomware attack, such as enforcing password best practices (51%) and multi-factor authentication (50%). There was also a notable decline in the number of companies with an incident response plan specifically for ransomware attacks, which fell from 94% in 2021 to 71% in 2022.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
