In May 2017, the WannaCry ransomware took copious amounts of data hostage and demanded hefty sums in exchange for the decryption keys. The contagion, allegedly the work of North Korean hackers, spread like wildfire, infecting countless systems worldwide and dealing billions of dollars in damages. Some victims ceded to the attackers’ demands, but few got their data back.
In the months that followed the WannaCry outbreak, ransomware became the most virulent form of malware to threaten digital economy – and has remained so to this day. Among the verticals affected by WannaCry and its successors, the healthcare sector was hit particularly hard, as hackers quickly developed a taste for holding medical records hostage.
For the eighth year in a row, healthcare organizations have incurred higher costs than any other sector from data breaches, costing them an average of $408 per lost or stolen record. Costs associated with data breaches in healthcare are nearly three times higher than in other industries.
Healthcare is more tightly regulated than most other industries, and it’s also seen a spike in data breaches in the last year – especially ransomware attacks. Health or clinical data is also the most common type of personal data compromised.
Electronic health records contain highly sensitive data, yet many clinics communicate through unsecure channels and their systems are poorly patched. Stolen patient health information that makes its way onto the dark web is known as “fullz.” Fullz can be used for various kinds of fraud and extortion, such as banking and credit fraud, healthcare fraud, identity theft and ransom extortion.
With the new regulations in place, reported incidents in healthcare are on the rise, and analysts expect this trend to march forward.
In the United States, healthcare organizations suffered a substantial increase in hacking in the second quarter of 2018. Between 2 million and 3 million patient records were reportedly affected, and seven of the reported incidents specifically mentioned ransomware.
A ransomware strain christened ‘SamSam’ has been responsible for key attacks targeting healthcare in 2017 and 2018, with some hospitals forced to turn away their patients, while others turned to pen-and-paper. An attack on Singapore’s Ministry of Health compromised 1.5 million patient records, including the patient chart belonging to the country’s prime minister.
The costs associated with ransomware attacks are sky-high for some, and moderate for others. But as the ransomware threat continues to loom over the industry, and bad actors steadily hone their infiltration techniques, healthcare businesses must take quick action or risk dire consequences.
On the bright side, according to a recent study by Spiceworks, the healthcare sector now has the highest adoption rates for anti-ransomware solutions (56%) and hardware-based authentication (49%), which indicates that HCPs are waking up and smelling the roses. On the not-so-bright side, however, they also have the lowest adoption rates of breach detection systems (23%) and deception technology (10%).
To learn more about the ransomware threat in healthcare, download our free whitepaper “Ransomware – A Growing Menace for Healthcare Providers.”