Cyber Thieves Begin to Innovate

Recent hackings of hospitals and schools are creating new worries for cybersecurity leaders across all industries.


It was an alarming breach by itself when hackers in late October published employee files, financial reports, and other sensitive data from a North Carolina surgical center with threats to publish other sensitive healthcare information. But for cybersecurity leaders there’s an even more troubling takeaway: hackers are using the disruptive pandemic to “innovate.”

Normally hackers will threaten to shut down an organization’s digital systems unless the organization pays a ransom. But in the North Carolina case, a hack targeting Las Vegas public schools in September, and multiple recent attempts elsewhere, the thieves took the unusual step of publishing sensitive details when the ransom wasn’t paid. New as well is how cyber thieves are shifting to smaller outfits such as schools and health organizations, which they had rarely touched. “You’d think that there would be lines that would not be crossed,” says Aileen Alexander, managing partner in Korn Ferry's Technology Officers practice and coleader of the firm’s Global Cybersecurity practice. “Guess not.”

The pandemic, of course, has created a slew of challenges on the cybersecurity front. With enormous staffs now working remotely, there are far more access points into an organization’s internal network—which in turn means more opportunities for hackers to breach the system. Cyberattacks across industries have been on the rise since March as hackers look to exploit the increased use of video conferencing and personal computers to gain access to confidential information. Flat-out stealing and publishing data, as was done in some recent cases, versus threatening to break into a system to shut down service, adds another layer of complexity to the typical cybersecurity leader’s challenge.

Healthcare organizations, in particular, have been increasingly targeted as COVID-19 cases surge across the country. In the last week of October, hackers successfully infiltrated hospitals in New York, Vermont and Oregon, forcing the organizations to postpone surgeries and halt radiation treatments for some cancer patients. During the last week of October the FBI warned healthcare groups that it believes there will be an increase in hack attempts against hospitals and healthcare organizations.  

The ransom paid to hackers—or adversaries, as they are called in the cybersecurity industry—is also on the rise. While individual ransom attempts vary wildly, Coveware, a ransom negotiating firm, reported an increase in average ransom payments for all industries, up 31% to $233,817, in its third quarter ending in September. The firm says hackers almost always deliver a decryption tool to the hostage companies or organizations once the ransom was paid. The United States government does not encourage organizations to pay a ransom, but many organizations do.

At the same time, hackers are increasingly looking at smaller or midsize organizations to assault, including schools and healthcare organizations. Many don’t have the resources to hire full-time cybersecurity leaders, train their stakeholders on how to avoid common threats, or continuously update their systems to counter threats. In some instances, ransom attacks this fall have forced school districts to delay reopening.

The adversaries have always been creative, but they haven’t traditionally gone after smaller organizations, Cummings says. “Some organizations that didn’t have religion about the issue have it more so than they had before.” Indeed, while the broad jobs market is not great, companies are still actively searching for and bringing on cybersecurity leaders, Alexander says.

Leaders short on resources can turn to third parties to manage their cybersecurity and they can also bring in consultants to assess their current situation. At the same time, some organizations are turning to their peers for guidance on the best ways to combat digital adversaries. Alexander recommends that leaders seek out an information and sharing and analysis center, or ISAC, to share tools and advice to stay abreast of the latest threats and events. There are more than 20 ISACs in the US broken down by industry, such as healthcare, transportation, and real estate.