Healthcare Ransomware Attacks have increased significantly in recent months
A recent survey suggests that ransomware attacks on healthcare organizations increased by nearly 100 % in the past year.
Healthcare organizations harness extremely sensitive and valuable data, making it attractive to attackers.
“About 66 percent of healthcare organizations were hit in 2021 as against 34 percent in 2020,” the State of Ransomware in Healthcare 2022 report, compiled by renowned cybersecurity solutions company Sophos, said.
The survey covered 5,600 IT professionals, including 381 healthcare respondents, in mid-sized organizations (with 100-5,000 employees) in 31 countries.
To corroborate all this, the U.S. Department of Health and Human Services (HHS) created a list that included at least 125 electronic data breaches of healthcare organizations. This was reported in April, The hospital recently disclosed that it suffered a Healthcare Ransomware Attack that exposed the data of 700,000 individuals.
However, the good news is that healthcare organizations are better equipped to deal with the post-attack situation than they were a year ago. The Sophos report also shows that 99% of the targeted organizations could get at least some of their data back after cybercriminals encrypted it during the attacks.
Healthcare breaches on the rise
Imagine IT’s cybersecurity experts have also recently seen increased data breaches in the healthcare industry. A study by Critical Insight conducted in 2021 using HHS info from 2018-21 supports this by showing an 84% increase in data breaches. This is against healthcare organizations, where the total number of victims went to approx. 50 million in 2022 increased from 14 million in 2018.
At the same time, Michael Hamilton, CISO, Critical Insight, expressed that the number of breaches is increasing in 2022. But, the style or type of attacks is changing. Some threats are simply stealing & ransoming data rather than encrypting entire networks and disrupting urgent medical care.
Hamilton further says, “One reason for the number of records being disclosed going up is the rhetorical change by the federal government, which says, ‘If you use ransomware against critical infrastructure, you’re no longer a criminal, you’re a terrorist.” That stopped many people because if they’re not going to screw up the network to extort a hospital, they steal their records. Which is why records theft went up and is still going.
Critical Insight wasn’t the only company to get traction on this. Sophos, in its State of Ransomware in the healthcare industry report mentioned above, also showed steep increases in attacks over the past two years.
Based on the ground-breaking survey, the report involved 5,600 IT professionals familiar with the healthcare industry. The survey’s results were astonishing . Over 66 percent of healthcare organizations were hit by ransomware last year, up from 34 percent a couple of years back. Healthcare had the highest increase in the volume of cyber-attacks among all sectors, at a 69 percent increase per year.
Further, one of the primary reasons there was an increase in 2021 was the prevalence of the Conti ransomware group, known for targeting healthcare organizations.
Chester Wisniewski, a principal research scientist at Sophos, also believes that while Russian threat actors may have at first shown restraint from attacking the U.S. Now there’s no stopping them as Russia goes deep into the invasion of Ukraine.
How Healthcare Organizations Prevent Healthcare Ransomware Attacks
Experts at IMAGINE IT believe that defending against Healthcare Ransomware Attacks requires a proactive approach. And a dedicated focus on prevention. Malware is a tough nut to crack once they make its way into a computer system. And keeping the malicious software out by using Imagine IT’s Managed IT services in the first place is always the first and best option.
Secondly, you should do whatever it takes to raise awareness about cyber threat protection within your hospital’s staff. Massive assaults originate with a single employee’s error. So training people to identify potential phishing attempts is one of the easiest and best ways to enhance organization-wide protection.
Backing up essential data always helps minimize the damage in the case of a sudden Healthcare Ransomware Attack. What makes these attacks disastrous is often the paralyzing effect on an organization. Keeping data stored in multiple places will make it easier to maintain operations. Even when cybercriminals have disabled parts of the digital infrastructure that you possess.
Advances in ML or Machine Learning have also provided an additional layer of security in the fight against cybercrime. AI-enabled Machine Learning and Email Security solutions can identify suspicious activity. As well as flag potential phishing campaigns. This line of defense can prove vital in the fight against an enemy as pernicious as cybercrime.
Conclusion
The increase in healthcare ransomware attacks is a concerning trend that threatens the sensitive data of millions of individuals.
However, the good news is that healthcare organizations are better equipped to deal with the aftermath of these attacks than they were in the past. With a proactive approach to cybersecurity and a focus on prevention. Healthcare organizations can significantly reduce the risk of falling victim to these attacks. This includes using managed IT services, raising awareness about cyber threat protection, and backing up essential data.
Additionally, advances in machine learning and email security solutions can provide an additional layer of defense against cyber threats. By taking these steps, healthcare organizations can minimize the damage caused by ransomware attacks. And keep their patients’ data safe and secure.
