Hacking attacks on the healthcare industry pose a real threat. This is now confirmed once again by Sophos’ industry analysis, “The State of Ransomware in Healthcare 2022.” According to the report, there has been a 94 percent increase in ransomware attacks in the healthcare sector worldwide. In 61 percent of those affected, corresponding attacks even led to the encryption of data.
94 Percent Increase in Attacks on Health Care
But healthcare organizations are now better prepared for cyberattacks. 99 percent of affected organizations are able to recover at least some of their encrypted data thanks to the precautions they have taken. Backups are used by 72 percent to do this. 14 percent even use three different methods to recover data – putting healthcare ahead of all other industries.
At the same time, however, 61 percent of affected organizations said they paid the ransom to regain access to their data. This makes them the most likely to pay in an industry comparison, but the ransom is lower on average. This is $812,000 globally across all sectors covered in the survey. In healthcare, however, attackers demand an average of just US$197,000.
However, there is no guarantee that the organization will recover all the data as a result of the ransom payment. Only two percent of those affected said they had recovered all their data.
Ransomware in healthcare is more nuanced in terms of protection and recovery than in other industries,” John Shier, senior security expert at Sophos, also knows. “The data that healthcare organizations use is extremely sensitive and valuable, which makes it very attractive to attackers.
In addition, the need for efficient and widespread access to this type of data – so that medical professionals can provide the right care – means that typical two-factor authentication and zero-trust defense tactics are not always feasible. This makes healthcare organizations particularly vulnerable, and when impacted, they may choose to pay ransom to gain access to critical, often life-saving patient data.”
Taking Action Against Ransomware
Because of these unique factors, healthcare organizations need to strengthen their protection against ransomware by combining security technologies with human-led threat hunting to defend against modern cyber attackers, Shier added.
That means, on the one hand, healthcare organizations should take care to secure their entire enterprise with high-quality protections and also regularly review or adjust security protocols as necessary. This includes monitoring the system for security vulnerabilities – such as unpatched devices, unprotected machines and open Remote Desktop Protocol ports. “Extended detection and response (XDR) solutions are ideal for closing these gaps,” Sophos explains.
At the same time, actively look for outside threats. That way, attacks can be prevented before they can do any damage. “If the internal team doesn’t have the time or skills to do this themselves, it’s advisable to hire external managed detection and response (MDR) specialists.”
If an attack is still successful, the organization should have a plan in place that lays out what to do in a worst-case scenario. Regular training helps everyone involved to remain calm and take the correct action in this case. Backups are also useful in such situations. Thanks to them, systems can be restored quickly in the event of data encryption, thus keeping the interruption to operations as short as possible.