Expect a 250% increase in ransomware attacks this year
Think you've been hearing a lot about ransomware attacks lately? You haven't seen anything yet, according to Beazley, a data breach response insurance provider, which predicts the number of ransom attacks this year on the healthcare industry will increase by 250 percent compared with last year.
Beazley Breach Insights' 2016 findings are based on its response to over 2,000 breaches in the past two years.
The specialized Beazley Breach Response (BBR) Services unit responded to 60 percent more data breaches in 2015 compared to 2014, with a concentration of incidents in the healthcare, financial services and higher education sectors.
Breaches caused by either hacking or malware nearly doubled in relative frequency over the past year. In 2015, 32 percent of all incidents were caused by hacking or malware vs. 18 percent in 2014.
Unintended disclosure of records—such as a misdirected email—accounted for 24 percent of all breaches in 2015, which is down from 32 percent in 2014.
The loss of non-electronic physical records accounted for 16 percent of all breaches in 2015, which is unchanged from 2014.
The proportion of breaches involving third-party vendors more than tripled over the same period, rising from 6 percent of breaches in 2014 to 18 percent of breaches in 2015.
Beazley's data breach statistics are based on 777 incidents in 2014 and 1,249 in 2015.
"We saw a significant rise in incidents caused by hacking or malware in the past year," said Katherine Keefe, global head of BBR Services, in a release. "This was especially noticeable in healthcare where the percentage of data breaches caused by hacking or malware more than doubled."
Hackers are increasingly employing ransomware to lock up an organization's data, holding it until a ransom is paid in nearly untraceable Bitcoin. Breaches involving ransomware among Beazley clients more than doubled to 43 in 2015 and the trend appears to be accelerating in 2016, according to the firm. Based on figures for the first two months of the year, ransomware attacks are projected to increase by 250 percent in 2016.
"Clearly, new malware programs, including ransomware, are having a big impact," said Paul Nikhinson, privacy breach response services manager for BBR Services. "Hacking or malware was the leading cause of data breaches in the healthcare industry in 2015, representing 27 percent of all breaches, more than physical loss at 20 percent."
Beazley offered several tips for organizations to defend against attacks:
- Train employees to be aware of the information they need to protect—personally identifiable information (PII) and protected health information (PHI)—and to avoid falling for phishing attacks and other forms of social engineering.
- Develop a robust incident response plan, because data breaches cannot be handled well on the fly. Advance planning can help avert serious reputational or financial harm.
- Categorize potential data risks by threat level to avoid damage from over-reacting to a breach.
- Review supplier contracts carefully to ensure that customers' data is well protected when it is in the hands of suppliers or vendors.
- Encrypt data, especially on devices most likely to be lost, such as laptops and thumb drives.