Per research reported by Information Management (IM) magazine, ransomware attacks against healthcare organizations increased by 89% in 2017 compared to the previous year. Researchers reported that more than 3.4 million healthcare records were compromised last year, with nearly a third of major ransomware events affecting 500 or more individuals.
Why such a big surge? Because, as described by IM: “Ransomware provides more immediate rewards to hackers by threatening access to medical care in exchange for the immediate disbursement of digital funds.”
Ransomware, and malware in general, is an escalating challenge for the healthcare industry that promises to become even more precarious as we move into 2018. Here’s a digest of five reasons shared by IM editors:
- Broadening Attack Surface
Today, about 90% of healthcare providers use some form of electronic medical records, with virtually all of these records accessible via the internet to individual users. That is a potentially rich field for crooks to harvest.
- IoT Devices as Doorways
The increasing number of mobile devices deployed in healthcare that connect to the internet – such as handheld scanners and wireless sensors, along with smartphones and tablets – multiplies potential attack vectors for hackers.
- Double Rewards
Security analysts assume that, if a cyber-attacker can encrypt a healthcare provider’s data to hold it hostage, then that attacker has also breached the database and can view the records. So, two crimes may be committed: first, hackers steal the files, and then they commence the ransomware process. Double the crime could mean double the criminal profits.
- Plummeting Prices
In 2015 and 2016, attackers targeted big healthcare organizations, such as Anthem. But now, a relative glut of stolen data from those huge networks has driven the price of pilfered records down on the black market – from as high as $50/record five years ago to as low as $1/record nowadays.
- Diversifying Mix of Victims
Analysts speculate that tough business conditions in 2018 will drive hackers to innovate and refine their ransomware tools and techniques. Smaller, specialized healthcare operations – such as physicians’ practices, surgical centers and MRI/CT scan facilities – will be at greater risk this year.
How can healthcare companies cope with these rising risks? In a recent post, we recommended five ways:
- Increase cybersecurity awareness and education programs for your organization’s users.
- Implement a “White List” of websites known to be secure.
- Restrict permission levels to critical personnel, which can prevent malware like ransomware from running or spreading quickly.
- Deceive the deceivers by using “deception tools” to bait ransomware attackers with false data on decoy networks. Crooks waste time working on bogus records while your team fortifies cyber-defenses.
- Leave the technical aspects to the experts by entrusting your Managed Services Provider (MSP) to install and implement measures such as firewalls, as well as monitor for intrusions and support recovery from incidents.