A diagnostic imaging technologist analyzes magnetic resonance imaging and computerized tomography prints on Holloman Air Force Base, N.M. (Staff Sgt. BreeAnn Sachs/Air Force)

The healthcare sector saw the largest increase in target IoT malware attacks in 2021, according to the latest annual SonicWall Cyber Threat Report. Compiled from data collected from 1.1 million global sources, researchers saw a 71% increase in IoT malware against healthcare clients.

Healthcare also saw the lowest percentages of its customers targeted with IoT malware attacks, despite the large rate of these attacks against the entities. The distinction is likely caused by the manner in which IoT devices are networked: “Healthcare facilities tend to keep these devices on their own separate and highly secured network, largely inaccessible by other devices.”

Considering long-standing discussions on patch management challenges, the high rate of legacy device use, and network complexity, SonicWall’s data demonstrates that its healthcare clients have likely employed effective network segmentation strategies.

It’s a heartening stat considering recent Cynerio research detailing the rate of IoT and medical devices operating with a known vulnerability.

However, despite the continued decline in malware last year, the report shows the healthcare and government sectors faced the largest increase in malware last year. The education sector saw the highest percentage of target attacks, with nearly 23% of entities targeted in any given month. 

The stats highlight the continued impact of cybercrime on critical infrastructure entities.

The rate of attacks on healthcare were on par with the retail sector, with 16.3% and 16.4%, respectively. Researchers noted there were two peaks for these sectors, once in March and again in August.

Overall, malware saw a 4% decrease in volume in 2021, marking a third year in decline and reaching a seven-year low. SonicWall researchers noted this could indicate that the threat may be headed for a rebound.

The report also showed the healthcare sector also saw an “aggressive year-over-year growth” in cryptojacking volume. Previously, cryptojacking was primarily spread through fileless malware, phishing emails containing malicious links, malvertising, and other nefarious means.

But in 2021, researchers observed a number of cryptojacking efforts spreading through pirated or cracked software, public project hosting websites, and vulnerable web servers.

"While ransomware attacks can easily disrupt regular business operations, it’s quite another reality when critical medical facilities, devices and life-saving health data are impacted and potentially taken offline," Dmitriy Ayrapetov, vice president of platform architecture at SonicWall told SC Media.

"With a 755% increase in ransomware attacks in 2021 within the healthcare sector, the message is clear: be prepared," he added. "Create backups, patch, segment the network — especially legacy systems —enable multi-factor authentication."

The report contains some notable, standalone stats that span all sectors, including that ransomware made up the largest portion of detected malware signatures — but amounted to just one-quarter of the overall volume. Ransomware attacks also continue to proliferate, with about 623.3 million attacks globally last year.

The data confirms the rate of attacks remained consistent in the last two years, serving as a reminder to review current response plans, segmentation, and patch management policies. Earlier this week, McKinsey released a ransomware-specific guide that can help support preparation and response for these key vulnerabilities.