Healthcare organizations secure 50% more sensitive data than global average

The volume of sensitive data that healthcare organizations maintain makes ransomware attacks against these entities even more impactful.

The Rubrik Zero Labs research unit found that the average healthcare organization possesses upwards of 42 million sensitive data records, 50% more than the global average of 28 million. Given this figure, Rubrik deduced that ransomware attacks against healthcare organizations can have significant negative impacts on operations and data security and integrity.

In fact, Rubrik researchers found that ransomware attacks against the healthcare organizations it observed impacted almost five times more sensitive data, by Rubrik's estimate, than the global average. The impact was measured by encryption blast radius and sensitive data impacted.

Essentially, about 20% of a healthcare organization’s sensitive data holdings are affected by a successful ransomware attack, compared to just 6% at other organizations.

Rubrik based its findings on its own data across 6,100 customer organizations as well as survey findings from Wakefield Research and data from several partner research organizations.

At a typical healthcare organization observed by Rubrik, 16.8 million files are impacted per encryption event, and 8.4 million sensitive data files are within the impacted files.

Researchers also observed healthcare organizations leveraging virtualized architecture at higher rates than organizations from other sectors. About 97% of the encrypted data at healthcare organizations is within a virtualized architecture, compared to 83% across all industries analyzed in the report.

“Virtualized architectures typically have less security coverage compared to traditional endpoints. This creates security dead spots and simultaneously allows attackers unfettered access,” Rubrik suggested.

“Once attackers gain access to virtualization control panels, they can often move at speed and scale using only compromised credentials.”

Additionally, Rubrik researchers highlighted the outsized impact that ransomware attacks can have on data storage capacity at a single organization, especially when that organization already maintains large amounts of data.

“If a single healthcare ransomware event encrypts or modifies 16.8 million files, it essentially means the encryption event created 16.8 million ‘new’ files for the victim (compared to 13.7 million new files for a typical global organization),” the report stated.

“These files are backed up as new files, which consumes vast amounts of storage capacity at the moment of the encryption event.”

What’s more, if the organization’s storage is already over 70% of capacity before the attack, the new data created by the encryption event could hurt its ability to recover quickly. Rubrik’s ransomware response team has found that this issue tends to lead organizations to either quickly increase data capacity or slow data growth, both of which lengthen recovery times and cost money.

The effects on business and employees can linger even when organizations recover from a cyberattack. Organizations reported decreases in shareholder value, customer loss, and mental health impacts on senior IT and security leaders. However, many also reported hiring additional staff and increasing spending on new services following a successful recovery.

“You cannot eliminate risk, but you can influence the risk cycle and affect your new risk baseline,” the report continued, highlighting the importance of learning from a ransomware attack and applying it to future risk reduction activities.
