Healthcare organizations are under constant attack from cyber criminals seeking to exploit vulnerabilities in their systems. In addition to the financial cost of these attacks, healthcare organizations must also deal with the potential loss of patient data and the disruption of critical services.
A recent report from Sophos, “The State of Ransomware in Healthcare 2022,” revealed that the number of healthcare organizations hit by ransomware had increased by 94% since 2020. 66% became ransomware victims in 2021, compared to just 34% the year before.
Healthcare organizations are especially vulnerable to ransomware attacks due to the sensitive nature of their data. In addition, the need for efficient and widespread access to this type of data means that healthcare organizations often have less secure systems than other types of businesses.
“Ransomware in the healthcare space is more nuanced than other industries in terms of both protection and recovery. The data that healthcare organizations harness is extremely sensitive and valuable, which makes it very attractive to attackers,” said John Shier, a senior security expert at Sophos.
How quickly an organization can detect and respond to a ransomware attack matters, and healthcare organizations are lagging in both detection and response times, taking an average of one week to recover from a ransomware attack. Ransomware recovery costs have also increased to an average of USD 1.85 million.
“In addition, the need for efficient and widespread access to this type of data – so that healthcare professionals can provide proper care — means that typical two-factor authentication and zero trust defense tactics aren’t always feasible. This leaves healthcare organizations particularly vulnerable, and when hit, they may opt to pay a ransom to keep pertinent, often lifesaving, patient data accessible,” Shier added.
Healthcare organizations also often pay ransoms, with 61% of organizations paying up when their systems are attacked. However, they also have the lowest average ransom amount, at USD 197,000. This is in contrast to the global average ransom amount of USD 812,000.
There is some good news to be found, as the report did show that healthcare organizations were getting better at dealing with the aftermath of ransomware attacks. Cybercriminals returned some or all of the data to 99% of those healthcare organizations affected by ransomware.
Considering these findings, Sophos recommends that healthcare organizations:
- Ensure that high-quality defenses are in place across the entire organization and that security controls are reviewed regularly.
- Strengthen the IT environment by searching for and closing critical security gaps, such as unpatched devices, unprotected machines, and open Remote Desktop Protocol ports.
- Make backups and practice restoring them so that the organization can get back up and running as soon as possible, with minimum disruption.