A new report found that ransomware attacks on healthcare organizations increased 94% from 2021 to 2022.
A staggering two-thirds of healthcare companies in the US experienced a ransomware attack in 2021.
And the problem is getting worse. CISA put out an alert in early July that North Korean state-sponsored actors are targeting healthcare organizations with the Maui strain of ransomware. And in mid-July, a ransomware attack on a debt collection firm affected 650 healthcare providers and nearly two million patients.
Why the massive increase? A few reasons:
- Healthcare organizations hold incredibly valuable personal data, making them a potential gold mine for hackers
- According to a survey, only 4-7% of the average healthcare provider's IT budget is focused on cybersecurity
Another issue for healthcare organizations is that there are many things to target. Email, of course, but also connected medical devices. In 2019, in the midst of a ransomware attack, an Alabama hospital was unable to monitor fetal heartbeats.
Healthcare organizations need not only to keep personal data safe, but also to keep patients safe.
In general, 36% of institutions attacked weren’t able to provide patient care for at least five hours.
More alarmingly, one study found that data breaches not only reduce the quality of care, but actually increase the 30-day mortality rate, not just in the immediate aftershocks, but up to two years later.
The best first step is to secure email. One report found that 72% of organizations experienced downtime due to an email-based cyber attack.
Since phishing is the number one cause of ransomware, it's the best place to start. By preventing phishing and malicious emails from reaching the inbox, healthcare organizations can drastically reduce their attack surface.