• The number of reported major IT/hacking events attributed to ransomware by health care institutions increased by 89 percent from 2016 to 2017
  • Medical records represent the most comprehensive set of records for an individual, rivalling those records stored within credit bureaus for completeness and criminal utility
  • 2017 was a very challenging year for healthcare institutions as these organizations remain under sustained attack by cyber attackers that continue to target their networks through the use of well understood vulnerabilities
  • All six of the six largest IT/hacking healthcare events reported in 2017 were attributed to ransomware, according to the report
  • There were 3,442,748 records reported compromised in 2017, a substantial decrease from 13,425,263 reported compromised in 2016
  • In past years, cyber criminals targeted the largest healthcare institutions as evidenced by events impacting for example, Anthem (78.8 million records), Premera Blue Cross (11 million records), Banner Health (3.6 million records) and Newkirk Products (3.4 million records)
  • This low hanging fruit has to some extent, been harvested and attackers are now increasingly turning their attention to the broader mix of health care entities
  • The emergence and refinement of advanced ransomware tools lowers both the cost and the time for cyber attackers to target smaller healthcare institutions – now they can cost effectively reach physician practices, surgical centers, diagnostic laboratories, MRI/CT scan centers and many other smaller yet critical healthcare institutions
  • This is the beginning of a trend that will increase substantially in 2018 and 2019.