Ransomware in the Healthcare Industry
Organizations worldwide have experienced an increase in ransomware attacks in recent months, and healthcare is one of the industries hit particularly hard. According to a survey of IT professionals, approximately 1 in 3 healthcare organizations globally reported being hit by ransomware in 2020. Recently, a New York-based healthcare provider reported a serious ransomware attack affecting medical records and other patient information – more than 750,000 records of Maine residents alone were exposed.
What’s Ransomware?
Ransomware is a type of malware that encrypts files on a device, rendering those files, and the systems that rely on them, unusable. Malicious actors then demand a ransom in exchange for decryption. Within the healthcare industry, bad actors use ransomware to disrupt operations and hold patient data hostage in order to extract money from healthcare organizations. Ransomware is often designed to spread across a network and target database and file servers, so it can quickly paralyze an entire organization.
One of the reasons we’re seeing such a prevalence of ransomware in the medical industry is that, from an attacker’s standpoint, healthcare is an ideal target. Many healthcare organizations are well funded and can pay significant ransoms, yet they don’t invest enough in cybersecurity programs or have enough cybersecurity experts on staff. What’s more, they need 100% uptime to treat patients. Losing access to data and hospital systems can create a dire situation with life-or-death consequences, which puts pressure on healthcare organizations to regain access as quickly as possible.
Why You Should Not Pay the Ransom
The FBI and Department of Homeland Security have always recommended against paying up when cybercriminals demand a ransom to decrypt files seized by ransomware. But in a healthcare setting, where continuity is critical and often a matter of life and death, that advice is not so cut-and-dried, and it may make sense for healthcare organizations to comply with cybercriminals’ demands in the interest of patient safety and business continuity.
Here are three reasons why you shouldn’t pay a ransom:
- Even after meeting threat actors’ demands and paying the ransom, there’s no guarantee that the cybercriminals will provide a working decryption key in exchange. A study found that, of the healthcare organizations hit by a ransomware attack that chose to pay their attackers to get encrypted data back, 29% recovered no more than half of their data, and only 8% got all of their data back after paying the ransom.
- Paying a ransom also signals to threat actors that you’re willing to negotiate, which exposes you to further ransomware attacks or larger ransom demands. Attackers know that if you are willing to pay the first demand, they have leverage over you, and you’re likely to pay a second. This was the case for Kansas Heart Hospital, which fell victim to a ransomware attack and chose to pay the ransom demanded. The hospital was then told that, to regain full access to its files, it would have to pay an even larger ransom.
- Paying a ransom can also drive up your cybersecurity insurance premiums. Because of the rise in ransomware attacks, healthcare organizations are turning to cybersecurity insurance to help shield them from the burden of paying a ransom. However, when an insurer pays a ransom on your behalf, it can cause a spike in your insurance rate. In fact, global cyber insurance prices have already increased by 32% over the last year.
How to Prevent Ransomware Attacks
Many healthcare organizations structure their cybersecurity efforts around HIPAA compliance, but compliance alone is not always enough to protect them from ransomware attacks. Healthcare organizations should budget for cybersecurity programs and strive to go beyond the compliance baseline. Though the upfront cost of investing in cybersecurity might seem high, it’s far less than the cost of recovering from a ransomware attack, which includes remediation costs plus whatever ransom you might be tempted to pay.
You should also perform continual risk assessments, prioritize and remediate the vulnerabilities most likely to be targeted by coordinated ransomware attacks, and ensure that continuous monitoring and patching are in place. Educate your users about their role as the first line of defense, and prepare for attacks and breaches with a backup and recovery plan.
Alvarez Technology Group provides comprehensive cybersecurity solutions that can help protect your organization against ransomware attacks and other forms of cyberattacks. Contact us today to schedule a consultation!