Healthcare-related cybercrime cost victims nearly $30 million in 2020

May 20, 2021

CrowdStrike reported data analysis by its cybersecurity experts that revealed victim losses from healthcare-related eCrime in the U.S. rose by 2,473% during the COVID-19 pandemic.  

Healthcare eCrime describes a scheme attempting to defraud private or government health care programs, affecting health care providers, companies, or individuals. Tactics often include offers for fake insurance cards, health insurance marketplace assistance, stolen health information or various other scams involving medications, supplements, weight loss products, or diversion/pill mill practices. Criminals usually target victims through spam email, online advertisements, links in forums or on social media and fraudulent websites. 

According to analysis of the latest data released by the FBI’s Internet Crime Complaint Center (IC3), of the $4.2 billion lost to eCrime in the U.S. in 2020, nearly $30 million of victim losses resulted from healthcare cybercrime. This figure is up more than 2,000% compared to 2019 levels when total victim losses totaled $1,128,838: 

Ranked in second place are eCrimes involving malware, scareware or viruses, with victim losses up 244 percent between 2019 and 2020. It’s estimated victims lost $6,904,054 last year to this type of eCrime, up from $2,009,119 in 2019 before the pandemic reached U.S. shores. 

Ransomware victim losses saw the third largest percentage increase in 2020 – up 225% from 2019 levels. Ransomware can take many forms, but they all have one thing in common — they demand a ransom in exchange for restored access to a system or files. Overall, victims in the U.S. lost $29,157,405 in 2020. 

Recent research by CrowdStrike Intelligence services revealed the COVID-19 pandemic has caused a surge in ransomware attacks, specifically those using data extortion techniques. And healthcare has become a key target.  In fact, the healthcare sector ranks in the top five most targeted by ransomware data extortion last year. 

The sector reported 97 incidents, up 580% compared to pre-pandemic times (Q1 2020) despite Big Game Hunters – threat actors who target bigger, more secure targets for larger ransoms – such as TWISTED SPIDER claiming they would refrain from infecting medical organizations until the pandemic had stabilized. 

In the words of the FBI’s Deputy Director, “In 2020, while the American public was focused on protecting our families from a global pandemic and helping others in need, cyber criminals took advantage of an opportunity to profit from our dependence on technology to go on an Internet crime spree.” 

This refocusing of activity is correlated with the emergence of scams exploiting the COVID-19 pandemic and people’s struggles or good nature. The IC3 received over 28,500 COVID-19 related complaints from both businesses and individuals in 2020 and 791,790 complaints for all types of eCrime – up from 467,361 in 2019. 

In the past five years (2016 to 2020), victim losses from eCrime in the U.S. totaled over $13.3 billion dollars and losses are growing every year. These findings are concerning for individuals, businesses, law enforcement agencies and governments alike. 

CrowdStrike has the report. 

More COVID-19 coverage HERE.