Free Guide
16 Questions You MUST Ask Before Hiring Any IT Company
Since the beginning of the global pandemic in 2020, organizations in the healthcare and healthcare-related sectors have found themselves in the sights of cybercrime operations. In 2020, 560 healthcare facilities were affected by ransomware attacks in 80 separate incidents. Opportunistic cybercriminals have taken advantage of the already epic stress on the entire healthcare ecosystem to deploy ransomware, conduct account takeovers, and steal huge amounts of personally identifying information (PII) and protected health information (PHI). That sent many hospitals reeling, creating all sorts of negative impacts in their communities.
In a September 2021 report, The Impact of Ransomware on Healthcare During COVID-19 and Beyond, researchers at the Ponemon Institute explored the impact of increased cybercrime during the global pandemic and the impact that cyberattacks including ransomware and third-party incidents had on patient-focused healthcare facilities around the world. Without ransomware in the mix, healthcare facilities reported that they’d seen a sharp increase in cyberattacks since March 2020.
Healthcare data was a hot commodity during the pandemic. It is still highly desirable in the booming dark web data markets. The majority of respondents (60%) admitted that their HDOs had experienced a data breach in the past two years. On average, each breach incident exposed 28,505 records and cost an average of $837,750. In September 2020 alone, cybercriminals stole 9.7 million medical records. Cybercriminals were well aware that any data relating to COVID-19 treatments, outcomes, research, or vaccine development was worth its weight in gold and they did not hesitate to snatch data from any healthcare-related target that they could infiltrate.
Causes of Breach in Healthcare Organizations:
Ransomware ran rampant throughout 2020 and 2021, and no sector was more beleaguered than healthcare. Facilities researching COVID-19, particularly facilities involved in vaccine development, were especially at risk as cybercriminals sought to profit handsomely from stolen research data. Ransomware attacks were responsible for almost 50% of all healthcare data breaches in 2020. Just one week before the first vaccine announcements hit the press, cybercriminals were still at it, nailing Pfizer, Indian giant Dr. Reddy’s (Russia’s Sputnik Vaccine partner, and the Taiwan research arm of Japanese drugmaker Shionogi & Company Limited all in the same week. Microsoft identified the cybercriminals responsible as nation-state actors, Strontium, an actor originating from Russia, and two actors originating from North Korea that they referred to as Zinc and Cerium. Ransomware is the preferred weapon of nation-state threat actors.
Of the 597 health delivery organizations (HDOs) analyzed in this survey, 42% had faced at least two ransomware attacks during the study term. One factor that has contributed to that boom is increased specialization among healthcare facilities and clinics as well as a push to outsource functions to lower operating costs, leaving healthcare targets particularly susceptible to third-party risk. Increased dependence on third-party service providers was named as a major source of ransomware threats by more than one-third (36%) of the survey respondents.
Healthcare Orgs Aren’t Ready for Trouble and They Know It
However, the increase in ransomware danger for healthcare targets isn’t news to those who deal with healthcare IT. Over half of the HDOs that researchers analyzed weren’t feeling good about their prospects when it came to fighting off a ransomware attack before the pandemic hit, and they’re even less confident now that they’re navigating a pandemic-induced cybercrime inundation. Before COVID-19, 55% of respondents say they were not confident they could mitigate the risks of ransomware. In the age of COVID-19, 61% of respondents are not confident or have no confidence that they’re ready to fend off a ransomware attack.
Just like every other business sector, healthcare targets also fell prey to more ransomware attacks in 2020 and 2021. Overall, 43% of the study respondents said that their HDOs experienced a ransomware attack in the last two years, sometimes more than one. Of the healthcare entities in the survey who experienced a ransomware attack, 67% said that their HDO was struck by one ransomware attack, and an unfortunate 33% of respondents said that their organizations had been hit with two or more ransomware attacks since March 2020.
Source: ID Agent.