Cybersecurity Stigma: More Victims Avoid Saying 'Ransomware'Rebecca Moody of Comparitech Charts Ransomware's 'Dramatic Impact' on Healthcare
Ransomware continues to slam numerous sectors, including healthcare. But is it getting worse or better? Which gangs are causing the most damage, and what are attackers' top targets? Those are questions being asked by police, policymakers and more.
Unfortunately, while ransomware continues to have "a dramatic impact," especially in terms of downtime and exposed records, accurately gauging ransomware attack trends continues to be complicated by the fact that so many incidents never publicly come to light, says Rebecca Moody, head of data research at cybersecurity research firm Comparitech, which recently published a new study on the impact of ransomware on the healthcare sector.
Many ransomware groups use data leak sites to threaten and list victims unless they pay a ransom. But Moody says that the information contained on these sites is unreliable, and only a subset of victims end up being listed.
Another complication: the apparent stigma facing victims. "A lot of companies are avoiding the word 'ransomware,'" she says, in favor of saying "cyberattack" or "security incident."
"Sometimes they will say that systems are encrypted, so that gives you a good indication it's ransomware," Moody says. "But I think there's a movement away from publicly admitting to having suffered a ransomware attack - unless their hands are tied and systems have gone down, hackers have publicly released data and so on."
In this video interview with Information Security Media Group, Moody discusses:
- How ransomware continues to affect the healthcare sector;
- Victims' increasing hesitancy to label a ransomware attack as such;
- Why mandatory reporting of ransomware attacks or ransom payments would help everyone from consumers to policymakers.
Moody leads Comparitech's three-person data research team, producing studies on a range of privacy, security and streaming topics. Access to her research has been requested by government departments and NGOs worldwide, including the United Nations, the European Union Commission's Communications Directorate and UNESCO.
Over 5,000 health data breaches since 2009 have affected the personal information of 370 million people. Ransomware gangs and hackers are targeting healthcare providers, insurance firms and partners at an alarming rate. Targeting Healthcare explores these trends and how the industry can respond.