Healthcare Providers Face Increased Risk from Ransomware

2020 was a year of many ups and downs. Unfortunately, ransomware attacks were on the rise, and healthcare providers faced increased risk. Private physician practices, health systems, and other healthcare providers became prime targets at a time when they could least afford downtime caused by an attack. 2021 is expected to be just as risky.

How Ransomware Gets In

Often, ransomware infects a machine due to user error.  It happens when a user clicks on a malicious link in a phishing email or views an online ad containing malware. (Learn how to identify suspicious emails to help avoid becoming a victim.)

In some instances, an attack can also be launched through a third-party vendor. According to Comparitech, a breach at the software provider Blackbaud last fall impacted 100 US healthcare organizations and over 12.3 million patient records as of March 2021.

The Effect of Ransomware on Healthcare Providers

Regardless of how a ransomware attack is launched, the impact can be costly and devastating.

In 2020, 92 individual ransomware attacks affected over 600 separate clinics, hospitals, and organizations and more than 18 million patient records. The estimated cost of these attacks was almost $21 billion.  Costs can include paying the ransom to avoid dissemination of private information.  This represents a 60% increase in ransomware over 2019.

The depth of disruption from ransomware can paralyze both private physician practices and entire health systems. In addition to patient health records being locked, or in some cases lost, reported disruptions included delayed procedures such as radiation treatments, inaccessible lab reports, and even diverted ambulances.

One of the largest U.S. healthcare systems was attacked in October 2020, with outages to computer systems, phone and internet services, and data centers at all of its locations. Though the issue was discovered in relatively short order and its IT team was able to minimize the damage by shutting down the systems and network, the disruption lasted almost two weeks.

How to Protect Your Healthcare Organization from Ransomware

  • Be vigilant about deploying software patch updates – apply them regularly so that known security flaws are addressed
  • Maintain a regular data backup – store copies of your information in separate and secure places
  • Use managed antivirus software – to help prevent cyberattacks and malware
  • Implement multi-factor authentication for email – this extra security layer makes it more difficult to compromise email accounts
  • Conduct security training for employees – employees are the last line of defense, so proper, consistent training will help them spot malicious emails and potentially dangerous malware

If you’d like to know more about how CRU Solutions can help keep your private physician practice safer, contact us.