jamesteohart - stock.adobe.com
Many Healthcare Orgs Suffer IT Outages After Ransomware Attacks
A Trend Micro study found that 86 percent of surveyed healthcare organizations hit by ransomware attacks had experienced IT outages.
Ransomware attacks against healthcare organizations have been increasing and wreaking havoc for the last several years. These threats lead to disruptions for patients and providers, with 86 percent of surveyed healthcare IT decision-makers reporting that their organizations suffered operational IT outages when compromised by ransomware attacks, according to a recent Trend Micro survey.
From 2017 to 2021, ransomware attacks have hit new highs increasing by 109 percent, and 2022 has seen a 13 percent year-over-year increase in attacks, an FBI report found as noted by the study authors
The cybersecurity firm, Trend Micro, investigated the effect of ransomware attacks on healthcare organizations in a survey commissioned by Sapio Research of 145 businesses and IT decision-makers.
The survey discovered that 57 percent of healthcare organizations reported being hit by a ransomware attack in the last three years. Of those who experienced a ransomware attack, 25 percent had to halt operations, while 60 percent revealed that the attack disrupted some business processes completely.
Additionally, 56 percent of respondents stated it took days to restore these operations, and 24 percent revealed it took weeks.
These attacks also have implications for patient data. Three-fifths of respondents said that sensitive data leaked by the threat attackers, possibly raising compliance and reputational risk, as well as investigation, remediation, and clean-up costs.
The average cost of remediating a ransomware attack is enough to cause financial strain for a hospital. On average, healthcare organizations spend around $10.1 million to recover from attacks, which include business downtime, lost orders, operational costs, device costs, and other expenses.
In one case, a ransomware attack cost Universal Healthcare Services $67 million in lost operating income, labor expenses, and overall recovery costs.
However, ransomware impacts more than basic hospital operations and finances; such incidents can also pose risks to patient safety.
“In cybersecurity, we often talk in abstractions about data breaches and network compromise. But in the healthcare sector, ransomware can have a potentially very real and very dangerous physical impact,” Bharat Mistry, technical director at Trend Micro, said in a press release.
“Operational outages put patient lives at risk,” Mistry continued. “We can't rely on the bad guys to change their ways, so healthcare organizations need to get better at detection and response and share the appropriate intelligence with partners to secure their supply chains.”
Respondents to the survey noted that supply chain weakness left their organization vulnerable to ransomware attacks. In particular, 43 percent stated that their partners have made them a more attractive target for attack. Another 43 percent of responding organizations said a lack of visibility across the ransomware attack chain has made them more susceptible.
Thirty-six percent of respondents believe a lack of visibility across attack surfaces has made them a bigger target for ransomware attacks.
On a positive note, 95 percent of the organization regularly update security patches and 91 percent have implemented software to prevent malicious email attachments.