In February, ransomware attackers targeted Chain Healthcare, the payment management arm of healthcare giant UnitedHealth Group, causing backlogs in prescription insurance claims.

Ransomware can be introduced to a company’s databases through even the smallest slip by an employee, like clicking a link in a phishing email. But as companies have gotten better at keeping criminals out, the crooks have gotten more creative, Mandiant CTO Charles Carmakal says.