In the realm of data breaches and hacking events, there are a handful of victims who are easy targets, for one reason or another. Elder scams, for example, are quite common (and utterly reprehensible, committed by the lowest humans on the planet) due to the perception that senior citizens are both naive and overly trusting of others. Child identity theft (another of the more reprehensible crimes) also preys upon a particularly lucrative demographic, because most children don’t check their credit reports until they become adults.
But one victim demographic is at even more risk than most due to the criminal and civil penalties that they can incur for being victimized. Yes, in the case of hospital ransomware attacks, the medical center can be held responsible for hackers choosing to target them, which is why the crime works so well.
Ransomware attacks have been on the rise in recent months as hackers have discovered medical facilities’ willingness to pay up in order to regain control of their networks or their data. The fear of lawsuits when patients die due to the inability to access digital medical records is quite an incentive to cooperate; in the US, regardless of how the patient information ended up online, the hospital will face severe penalties for the HIPAA privacy violation if the attackers follow through with the threat of putting the records on the Internet.
Therefore, several large medical centers have already attempted to “play nice” with hackers, and in some of those cases, the hackers took the money and still wouldn’t unlock the hospital’s network.
DataBreaches.net and Protenus have released their monthly data breach report for July, and have found that ransomware attacks against hospitals accounted for almost 30% of the breaches that month, many of them attributed to the same hacker. The month before saw record-setting numbers of attacks, with 41% of the attacks involving ransomware, which compromised more than 11 million records in those thirty days alone.