Healthcare orgs at much higher risk of ransomware attack than financial institutions
- Healthcare organization’s computer networks are 114 times more likely to suffer ransomware attacks than those at financial institutions, and 21 times more likely than schools and universities, CSO reports.
- The sobering statistic surfaced in a new report by security firm Solutionary, which experienced 88% of ransomware infections in the first six months of 2016 despite having healthcare account for just 7.4% of its client base.
- Last week, HHS’ Office for Civil Rights issued draft guidance to help healthcare organizations tackle ransomware threats head on.
The rate of attacks is likely higher. “These numbers do not count all of the email delivery or exploit kit activity that happens pre-infection and would be attempts to deliver ransomware,” Terrance DeJesus, a threat intelligence analyst at Solutionary, told CSO. “These are confirmed ransomware outbreaks on directly affected systems."
A poll this past spring by Health IT News and HIMSS Analytics found that up to 75% of hospitals surveyed may have been hit by ransomware over the past year.
DeJesus said hackers may be targeting hospitals and health systems because of the perception that they are less tech savvy than industries like banking. They also collect a wealth of personal data in electronic medical records (EMRs), which identity thieves are eager to have.
To reduce the likelihood of a ransomware attack, DeJesus advises organizations to invest in off-site backups and test them regularly to ensure quick restoration if tampering occurs.
In February, Los Angeles’ Hollywood Presbyterian Medical Center paid $17,000 in bitcoins to a hacker to regain control of its computer systems. The following month, the computer network at Columbia, MD-based MedStar was hit by a virus that prevented users from logging on, forcing the health system to disable the network for several days.