By Elizabeth Snell

April 27, 2017 - Half of the reported healthcare data security incidents from October 2015 to September 2016 stemmed from healthcare ransomware attacks, according to a recent NTT Security report.

The NTT Security 2017 Global Threat Intelligence Report found that healthcare also contributed to nearly three-quarters of ransomware attacks from around the globe. Healthcare, business & professional services, government, and retail combined to account for 77 percent of ransomware attacks.

For all industries, phishing attacks were responsible for 73 percent of all malware delivered to organizations. Government and business and professional services were the top two industries most likely to be attacked at a global level, the report showed.

"Our end goal is not to create fear, uncertainty and doubt or to overcomplicate the current state of the threat landscape, but to make cybersecurity interesting and inclusive for anyone facing the challenges of security attacks, not just security professionals,” NTT Security GTIC Threat Intelligence & Incident Response Vice President Steven Bullitt said in a statement.

“We want to ensure everyone is educated about these issues and understands that they have a personal responsibility when it comes to the protection of their organization, and that the organization has an obligation to help them do so."

Password and user authentication security might be a continuing problem, the report indicated. Twenty-five passwords accounted for approximately one-third of all authentication attempts against NTT Security honeypots last year. Additionally, over 76 percent of log on attempts included a password known to be implemented in the Mirai botnet.

ICIT highlighted in a 2016 report how the Mirai botnet and similar types of attacks could be particularly harmful to the healthcare industry.

“While there is no indication that healthcare devices have been incorporated into DDoS botnets, it may be only a matter of time before an adversary adapt an IoT malware such as Mirai, to harness the computational resources of medical devices because many lack basic access controls such as multi-factor authentication (or any authentication whatsoever),” ICIT Senior Fellow James Scott and ICIT Researcher Drew Spaniel wrote.

Mirai specifically “offers malicious cyber actors an asymmetric quantum leap in capability,” the duo added. Mirai has a strong development platform “that can be optimized and customized according to the desired outcome of a layered attack by an unsophisticated adversary.”

However, the NTT report also indicated that industries might be improving their response plans. Specifically, 32 percent of surveyed organizations had a formal incident response plan, an increase from an average of 23 percent in previous years.

Furthermore, 59 percent of all incident response engagements were in the top four industries. Healthcare accounted for 17 percent, finance accounted for 16 percent, and business and professional services accounted for 14 percent. Retail rounded up the top four with 12 percent of the incident response engagements.

It was also found that in total, over 60 percent of incident response engagements were related to phishing attacks.

The onslaught of healthcare ransomware attacks is also expected to affect the growth of the Ransomware Protection Market.

MarketsandMarkets showed in a global forecast to 2021 that the market size is expected to grow from USD 8.16 billion in 2016 to USD 17.36 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 16.3 percent.

The BFSI vertical is also predicted to dominate the Ransomware Protection Market as healthcare continues to utilize web and mobile applications for banking transactions and payment.

“Threat intelligence solution is expected to grow at the highest CAGR in the Ransomware Protection Market, during the forecast period,” MarketsandMarkets said in a statement. “Organizations are increasingly adopting threat intelligence solutions to combat ransomware and other advanced cyber threats, as these solutions provide effective and reliable threat detection to alleviate cyber threats based on security events and security intelligence feeds to manage business risks.”