Spooky Cyber Stats And Trends In Time For Halloween


Every year the stats on cyber-attacks seem to get spookier! As we finish October’s Cybersecurity Awareness month, it is a suitable time to review some of the key statistics and trends that can haunt us and help us meet the cybersecurity challenges of the evolving digital ecosystem. There are so many frightening cyber stats that I had room for only a few categories, but they are important ones to know.

“Nearly 40% of healthcare organizations reported it took more than a month to recover after an attack, according to the survey by cybersecurity firm Sophos. The healthcare sector’s increased burden of ransomware attacks comes as other industries face fewer incidents, according to the survey by cybersecurity firm Sophos. Recovery from ransomware attacks is taking longer — sometimes more than a month — as attacks increase against the healthcare industry, About two-thirds of respondents said they were hit by a ransomware attack in the past year, up from 60% the year prior. Just 34% said they were hit by a ransomware attack in Sophos’ 2021 report.”

14M patients affected by healthcare data breaches in 2024

Healthcare organizations remain top targets for cyberthreat actors, according to a SonicWall threat brief that explored trends in healthcare data breaches.14M patients affected by healthcare data breaches in 2024 | TechTarget

“At least 14 million patients in the U.S. have been affected by healthcare data breaches in 2024 so far, a threat brief by cybersecurity company SonicWall revealed. What's more, 91% of the healthcare data breaches that SonicWall researchers analyzed involved ransomware, highlighting the continued targeting of the U.S. healthcare sector. SonicWall based its report on data from SonicWall Capture Labs, which uses machine learning to collect and retain data about attack vectors and threats in real time. The researchers concluded that healthcare remains a top target for exploitation by cyberthreat actors due to its data-driven nature and reliance on sensitive data.”

“The massive Change Healthcare cyberattack could have compromised data from 100 million people — the largest healthcare data breach ever reported to federal regulators. Responding to the cyberattack has cost UnitedHealth too. Earlier this month, the healthcare giant said it has recorded $2.5 billion in total impacts from the attack through the nine months ended Sept. 30, including $1.7 billion in direct response costs.”

CB Take: The cyber-attack on Change Healthcare is certainly alarming and is another wake-up call. It is not surprising that hackers focus on healthcare. As computers and other devices used for medical care become more networked and linked, the digital world of health management, clinics, hospitals, and patients has become more vulnerable. A more comprehensive approach to healthcare cybersecurity should include better risk management, more investments in cybersecurity to protect systems, and good cyber hygiene.

Dmitry Raidman, CTO & Co-founder, of the company Cybeats offers excellent advice: “Given its critical nature and unique vulnerabilities, the healthcare sector must adopt a multi-layered approach to combat the rise in ransomware attacks. This means strengthening security through continuous network segmentation, deploying endpoint detection, and enhancing user training, as healthcare systems are only as resilient as their most vulnerable points. A proactive, risk-based approach that includes frequent vulnerability assessments and comprehensive data backups is essential to ensure both operational continuity and patient safety. Collaboration with industry stakeholders and sharing threat intelligence can also provide the healthcare sector with a stronger front against these growing cyber threats."

 “Ransomware attacks rose 73% between 2022 and 2023, according a report published Thursday by the Ransomware Task Force, part of the Institute for Security Technology, a Washington D.C. think tank. The annual report, which includes a map of global ransomware incidents and identifies ransomware trends based on reporting of double-extortion attacks — in which cybercriminals demand ransom payments from victims to keep their data private and off the dark web — found there were 6,670 ransomware incidents in 2023, with more than 2,800 incidents just in the United States.”


Comments