Securing the Digital World

Healthcare in the Age of Ransomware

Jul 01, 2020 | by Redvers Curry

Before the challenges created by the global health crisis, the healthcare industry was experiencing a digital transformation driven by the adoption of the Internet of Medical Things (IoMT), the introduction of new laws and new ways of doing business. What the global disruption has done is amplify familiar cyber attack and digital risk challenges.

Healthcare organizations continue to be a top target for cyber attacks. In fact, cyber incidents cost the healthcare industry an estimated $4 billion in damages in 2019. Fast forward to today, and cybercriminals are more active than ever. They're taking advantage of the chaos created by the health crisis and targeting understaffed healthcare systems that are focused on managing the safety of patients.

The bad guys are exploiting new innovations and integrations between systems and end-user applications. However, they also continue to "win" by deploying the simplest of phishing attacks. The danger is that health data is incredibly valuable and can cause reputational damage when breached.

What can healthcare providers do to mitigate the risk of ransomware? Implement a multipronged strategy for addressing ransomware that focuses on:

  • Educating your organization's entire workforce on phishing tactics and, like a fire drill, practicing so that everyone knows what to look for and what to do when phished.
  • Enlisting detection and response solutions or services, with visibility across networks into endpoints, web applications and other infrastructure (both virtual and cloud-based).
  • Backing up data, which remains a critical component of any ransomware mitigation strategy. Data should be backed up in almost real-time to help minimize downtime and speed recovery if compromised.
  • Building resiliency, which requires preventive and risk-driven planning. Weave resiliency measures into the organization's business model: align security incident response and crisis management, coordinate business and IT recovery, and develop post-disruption strategies to reduce the impact of future crises.

There is a lot at stake, and security risks cannot be ignored. Every dollar spent on a ransom is a dollar that doesn't go to pay for improving patient care. At the end of the day, the victims of ransomware are the patients themselves and their relationship with the healthcare system.