Healthcare Providers Face Increased Risk from Ransomware
- Post by Karen Bartuccio
- April 19, 2021
2020 was a year of many ups and downs. Unfortunately, ransomware attacks were on the rise, including increased risk to healthcare providers. Private physician practices, health systems, and other healthcare providers became prime targets at a time when they could least afford downtime caused by an attack. 2021 is expected to be just as risky.
Often, ransomware infects a machine due to user error. It happens when a user clicks on a malicious link in a phishing email or views an online ad containing malware. (Learn how to identify suspicious emails to help avoid becoming a victim.)
In some instances, an attack can also be launched from a third-party vendor. According to Comparitech, a breach by a software provider Blackbaud last fall impacted 100 US healthcare organizations and over 12.3 million patient records as of March, 2021.
Regardless of how a ransomware attack is launched, the impact can be costly and devastating.
In 2020, 92 individual ransomware attacks affected over 600 separate clinics, hospitals, and organizations and more than 18 million patient records. The estimated cost of these attacks was almost $21 billion. Costs can include paying the ransom to avoid dissemination of private information. This represents a 60% increase in ransomware over 2019.
The depth of disruption from ransomware can paralyze both private physician practices and entire health systems. In addition to patient health records being locked, or in some cases lost, disruptions were reported with the delay of procedures including radiation treatments, inaccessibility of lab reports, and even diversion of ambulances.
One of the largest U.S. healthcare systems was attacked in October, 2020, affecting all its locations with outages to their computer systems, phone and internet services and data centers. Though the issue was discovered in relatively short order and their IT team was able to minimize the damage by shutting down the systems and network, the disruption lasted almost two weeks.
If you’d like to know more about how CRU Solutions can help keep your private physician practice safer, contact us.