Specialist insurer expects 250% increase in ransomware attacks in 2016


Data breaches involving ransomware among Beazley clients more than doubled to 43 in 2015 and the trend appears to be accelerating in 2016, the specialist insurer said.

Ransomware attacks – where hackers lock up an organisation’s data, holding it until a ransom is paid in nearly untraceable Bitcoin – are increasingly common and cyber criminals’ new innovations have been making headlines recently.

Earlier this month, Apple users were targeted by hackers in the first-ever functioning ransomware campaign involving Macintosh computers. Furthermore, the first case of ransomware using audio messages was also reported this month. This ransomware, called Cerber, reads out the ransom message numerous times with the help of a text-to-speech utility.

Based on its figures for the first two months of the year, Beazley projects ransomware attacks to increase by 250% in 2016.

For hackers employing ransomware, the healthcare sector is an attractive target. In February 2016, Hollywood Presbyterian Hospital in Los Angeles reported suffering a ransomware attack and ultimately paid the hackers $17,000 in Bitcoin.

“Clearly, new malware programs, including ransomware, are having a big impact,” said Paul Nikhinson, privacy breach response services manager for Beazley Breach Response (BBR) Services. “Hacking or malware was the leading cause of data breaches in the healthcare industry in 2015, representing 27% of all breaches, more than physical loss at 20%.”

He added: “Healthcare is a big target for hackers because of the richness of medical records for identity theft and other crimes. In fact, a medical record is worth over 16 times more than a credit card record.”

Beazley’s specialised BBR Services unit responded to 60% more data breaches in 2015 than in 2014. The findings are based on 777 incidents occurring in 2014 and 1,249 incidents in 2015.

Apart from healthcare, other sectors frequently targeted include financial services and higher education. The latter accounted for 35% of incidents in 2015, up from 26% in 2015.

Colleges and universities are reporting increased ‘spear phishing’ incidents in which hackers send personalised, legitimate-looking emails with harmful links or attachments. The relatively open nature of campus IT systems, widespread use of social media by students and a lack of the restrictive controls common in many corporate settings make higher education institutions particularly vulnerable to data breaches.

In the financial services sector, hacking or malware was up modestly to 27% of industry data breaches in 2015 versus 23% in 2014. Trojan programs continued to be a popular hacking device according to Beazley’s data.