Hospitals have become a favorite target of ransomware. Fearful that a shutdown of their computer systems could mean loss of life, many hospitals have paid up. The latest victim is the DCI Health System in Alabama but there were 491 attacks on healthcare providers in the first three quarters of 2019.

Heather Landi filed this report for Fierce Healthcare:

The FBI issued a warning Oct. 2 that ransomware attacks are becoming “more targeted, sophisticated and costly, even as the overall frequency of attacks remains consistent.”

Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by FBI case information, the agency said. Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted healthcare organizations, industrial companies and the transportation sector, the FBI stated.

The FBI does not advocate paying a ransom, the agency said, “in part because it does not guarantee an organization will regain access to its data.” In some cases, victims who paid a ransom were never provided with decryption keys. In addition, due to flaws in the encryption algorithms of certain malware variants, victims may not be able to recover some or all of their data even with a valid decryption key, according to the agency.

[…]

Cybercriminals are increasingly targeting software commonly used by managed and other third-party service providers. In such attacks, multiple customers of a service provider can be simultaneously hit, as was the case in the August incident in which 22 cities and towns in Texas were impacted, according to Emsisoft.

The average ransom demand also has continued to increase in 2019. If one organization is willing to pay $500,000, the next may be willing to pay $600,000, Emsisoft said in its report. And insured entities may be more likely to pay demands, which results in ransomware being more profitable than it would be otherwise, and that helps further incentivize attacks.