Dive Brief:
- 68% of U.S. consumers would consider leaving their healthcare provider if it was attacked by ransomware, a survey of 5,000 consumers by security firm Carbon Black shows.
- Roughly 7 in 10 consumers trust their healthcare providers and financial institutions to keep their data safe, while only about half trust retailers. At the same time, consumers believe individual organizations — and not security vendors, software companies or the government — bear the brunt of responsibility for protecting personal data.
- Mike Viscuso, co-founder and chief technology officer of Carbon Black, called the nearly 70% of consumers who would walk out on hacked healthcare providers a “startling statistic” and said the recent WannaCry ransomware attack should be a “clarion call” to invest in security personnel, processes and technology, according to Healthcare IT News.
Dive Insight:
Carbon Black conducted the survey in the wake of the global WannaCry attack to gauge consumers’ understanding of ransomware and their expectations of businesses to keep their data safe. More than half (57%) said they first became aware of ransomware through WannaCry, which hijacked more than 300,000 computers in 150 countries.
In the event their information is hacked, 52% of consumers said they would pay a ransom, but only 12% would pay $500 or more.
To avoid ransomware, the Waltham, MA-based security vendor recommends that consumers keep software updated, be wary of suspicious emails, pop-ups and links, back up data and install antivirus software.
In a recent interview with Healthcare Dive, Robecca Quammen, CEO of healthcare consultancy MyConsultQ, had this advice for hospitals as well. “Start investing in intrusion testing and rapid remediation of all issues detected in the testing now,” she said. “This is no longer an exercise to meet regulatory (HIPAA Risk Assessment) requirements. It is your first defense against an attack that should be considered imminent.”
Other lessons from the WannaCry outbreak: Cybersecurity requires buy-in and investment at all levels of an organization, and healthcare providers need to fully grasp the privacy risks that come with an EHR and other vulnerabilities of a digitized world.
While WannaCry was one of the worst ransomware attacks, it was certainly not the first. Last year Hollywood Presbyterian Medical Center and MedStar Health were both hit by ransomware, forcing them to revert to handwritten records until their systems could be unlocked.