Alarming Growth in U.S. Cyber Crime

March 13, 2024

Health care remains the top target for a “multitude of malicious actors who have the tools to conduct large-scale fraud schemes,” and the challenge to protect against cyberattacks continues to grow.

A new report this month from the FBI’s Internet Crime Complaint Center (IC3) highlights the growing digital threats for critical infrastructure organizations, including hospitals and health systems. The report analyzes the period before the Change Healthcare cyberattack disrupted claims, payments, and other critical functions across the health sector.

“Profit-driven cybercriminals and nation-state adversaries alike have the capability to paralyze entire school systems, police departments, health care facilities, and individual private sector entities,” the report notes.

Here are a few key takeaways from the report:

• By sector:  The health care sector reported 249 complaints for ransomware, the most among critical infrastructure sectors.
  • There were 1,193 total incidents reported for critical infrastructure sectors.
• Top Internet crimes:  Phishing/spoofing was the top cyber crime, with 298,878 complaints during 2023. Personal data breach and non-payment/non-delivery were the next most common, with 55,851 and 50,523 complaints, respectively.
• Biggest losses:  Investment crimes had the largest losses ($4.6 billion), which represented a 38 percent increase from the previous year. The next largest losses were for business email compromise ($2.9 billion), and tech support ($924 million).
• Top actors:  The top five ransomware variants reported to the IC3 for the critical infrastructure sector were Lockbit, ALPHV/Blackcat, Akira, Royal, and Black Basta.
• In Pennsylvania:  Pennsylvania was in the top 10 for Internet crimes, with 16,407 complaints resulting in $360.3 million in losses. When adjusted for population, the commonwealth ranked 32 for complaints and 25 for losses stemming from these incidents.

“Our strategy focuses on building strong partnerships with the private sector; removing threats from US networks; pulling back the cloak of anonymity many of these actors hide behind; and hitting cybercriminals where it hurts: their wallets, including their virtual wallets,” the IC3 report said.

HAP continues to monitor the latest Change Healthcare cybersecurity news and advocate on behalf of our members. Earlier this month, HAP created a one-stop shop to offer the latest resources online, including exclusive member-only information (login required).

The IC3 report also is available to review online.