Researchers Observe Increase in Emerging Ransomware Groups Targeting Healthcare

Healthcare used to be an off-limits sector for ransomware groups, but emerging ransomware gangs were not afraid to target the sector in 2023, GuidePoint Security observed.

Researchers observe increase in emerging ransomware groups targeting healthcare. The healthcare sector was hit hard by data breaches in 2023, with more than 540 organizations reporting breaches to HHS last year. Ransomware remains a top threat to healthcare exemplified by the number of high profile attacks carried out by the profilic threat actor groups and lesser known gangs alike.

In its annual ransomware report, the GuidePoint Research and Intelligence Team (GRIT) used publicly available data to explore these trends and how they vary across the threat landscape, uncovering troubling changes in the threat landscape. GRIT observed 63 distinct ransomware groups compromising thousands of victims throughout 2023. Healthcare was the third-most targeted industry in 2023 according to GRIT, behind manufacturing and technology.

Attacks by prolific ransomware groups such as LockBit, Alphv, and Clop accounted for the vast majority of victims across all analyzed industries. GRIT identified these groups as “established,” meaning that they are groups that have operated for at least nine months and maintain well-defined tactics.

For example, Rhysidia ransomware emerged in May 2023 as a relatively unknown group. Despite its immaturity, Rhysidia immediately began using phishing and other tactics to target victims around the world and publish stolen files online. The group was also not shy in its targeting of the healthcare, education, and government sectors.

“Healthcare has historically been considered ‘off limits’ for some ransomware programs as this brings negative press coverage and extra attention from law enforcement agencies,” GRIT noted.

However, the actions of these emerging groups as well as an increase in healthcare targeting by established groups in 2023 suggest that this mindset is shifting.

“Healthcare targets rose in popularity among both Established and Developing groups in 2023. Healthcare victims often hold a large amount of PII data, rendering them a high-value target for more mature ransomware groups capable of exploiting or extorting based on large volumes of data,” GRIT added. “While the Healthcare industry was once considered off-limits and less frequent as targets by Established groups, we have witnessed this norm eroding in 2023.”

With this analysis in mind, GRIT predicted that ransomware groups would continue to aggressively target victims, with the most prolific groups leading the innovation and technique advancements for the lesser-known groups.

“As 2024 unfolds, Defenders and the security community are increasingly aware of and prepared for the threat of ransomware,” the report concluded. “Our future success will depend on our ability to adapt to and match the paces of a committed, resilient, and increasingly professionalized adversary. To this end, industry best practices in threat intelligence, information sharing, and public-private partnerships remain our most viable and effective options to force adversaries to cede ground.”

Click here  for a FREE cyber security risk assessment and review your potential risks.