Healthcare and public health agencies were the most-attacked sectors for ransomware last year, according to the Federal Bureau of Investigation. Critical manufacturing and the government followed for being highly targeted for ransomware attacks. 

Speaking last month at a Futurescot conference in Glasgow, Scotland, David Scott, deputy assistant director of the FBI’s Cyber Division, said that the agency’s Internet Complaint Center last year received 870 complaints that “indicated organizations belonging to a critical infrastructure sector were victims of a ransomware attack,” BankInfoSecurity reported

Scott also is director of the National Cyber Investigative Joint Task Force, an interagency organization coordinating efforts against cybercriminals involving 30 partner agencies from across law enforcement, the intelligence community, including the Central Intelligence Agency and the Department of Defense. The task force officially was established in 2008.

A New Jersey continuing care retirement community is calling a potential data breach of resident information an “isolated incident” and is using it as an opportunity to educate staff members and beef up its technical safeguards.

Medical devices, when in use, have an average of six cybersecurity vulnerabilities, putting users, their systems and patients at risk of attack, including data theft, according to a report from the agency’s cyber division, according to a 2022 report from the FBI. Common devices that are at risk of cyber attack include insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers and intrathecal pain pumps, according to the notification.

A Canadian man linked to an international network of ransomware attacks affecting the senior living industry during the COVID-19 pandemic was sentenced in October to 20 years in prison and ordered to forfeit $21.5 million.

The volume of cyberattacks has remained constant in recent years, according to BankInfoSecurity, but ransom payments have declined. For example, when cybercriminal syndicate Hive hit Consulate Healthcare in January, potentially exposing a significant amount of resident, patient and staff data, the nursing home chain refused to pay the ransom.

“They will not be rewarded for their actions,” the company said in a statement at the time. “We have been able to fully recover our systems without capitulating to extortion demands.”

Ransomware and other cyberattacks against healthcare companies have been rising. The Department of Health and Human Services’ Cybersecurity Program issued an alert in April 2022 warning of “exceptionally aggressive” attacks from Hive. After a months’ long investigation and infiltration by the FBI, the Justice Department successfully dismantled Hive as of Jan. 26. 

“The Department of Justice’s disruption of the Hive ransomware group should speak as clearly to victims of cybercrime as it does to perpetrators,” Deputy Attorney General Lisa O. Monaco said in a statement. “In a 21st century cyber stakeout, our investigative team turned the tables on Hive, swiping their decryption keys, passing them to victims, and ultimately averting more than $130 million dollars in ransomware payments. We will continue to strike back against cybercrime using any means possible and place victims at the center of our efforts to mitigate the cyber threat.”