What Hospitals Need to Know About Ransomware

Posted by Amanda at Varay on Jan 2, 2019 2:56:00 PM

Ransomware attacks on hospitals are on the rise

There are three things you ought to know about ransomware attacks on hospitals:

       1. They’re incredibly common.

2. They cost far more than a ransom fee, whether or not the fee is paid.

3. Employees might just be more effective at preventing attacks than security software.

Why ransomware attacks target hospitals

It’s tough to gauge how often ransomware hits healthcare centers, because victims have strong incentive not to disclose attacks to the public. No one — especially not an organization responsible for life-or-death interventions and liable for protecting sensitive data — wants to look technologically vulnerable. One cybersecurity expert estimates that 90% of hospital attacks end with the hospitals paying the ransom.

Ransomware hacker encrypting hospital files | Varay, El Paso

Paid or not, the fallout from a ransomware attack can take a hospital back to the paper age for weeks. It’s not hyperbole to say this loss of efficiency has the potential to impact patient lives.

But hospitals’ needs for instant access to patient records and healthcare directives make them likely to pay a ransom fee, rather than leave themselves locked out of crucial data. They’re great targets because their continued existence depends on preventing patient harm and HIPAA discipline.

Ransomware attacks on hospitals also succeed because hospitals generally don’t put enough effort into their cybersecurity or safe email and internet practice trainings for their employees.

What does a hospital ransomware attack cost?

A recent attack on the Erie County Medical Center gives us a good idea of the potential costs. The executives at the hospital didn’t pay the ransom fee. But they paid dearly anyway. When all was said and done, the ransomware attack cost the facility $5 million in productivity loss, overtime, and security upgrades.

But let’s say the hospital does choose to pay the ransom. An Indiana hospital recently paid a $55K ransom, because the time lost retrieving their backed-up data seemed like too great a liability. The problem is, once the attacker knows you’ll pay a ransom, you can bet they’ll make you a repeat customer.

What you can do to prevent a ransomware attack

There are two important steps you can take to protect your hospital:

       1. Protect your data by backing it up, segmenting your systems, and upgrading your network.

  1.        2. Train your employees to identify phishing emails.  

  1. You might be surprised that employee training is every bit as important as data management, but the attacks we’ve talked about in this post stemmed from employees engaging with phishing emails.

When an employee opens a phishy link or attachment, malware can infect your system. Employee security awareness training can equip your team to spot suspicious messages and verify links and attachments before engaging them.

Train your team to close the door on ransomware

Varay’s Security Awareness Training is a simple, effective tool that helps stops ransomware at its point of entry — your employees.

Contact us today for a quote on Security Awareness Training.

 

Prevent Ransomware

Topics: security, healthcare IT, ransomware, cybersecurity, disaster recovery & business continuity