Dive Brief:
- A poll conducted by Health IT News and HIMSS Analytics found that up to 75% of hospitals surveyed could have been hit by ransomware over the past year.
- While 73% of health systems had a business continuity plan in case of a ransomware attack, 23% said they had no plan, and 3% were unsure, according to the poll.
- In the event of a ransomware attack, almost half of those surveyed said they are unsure whether they would pay the ransom.
Dive Insight:
The uncertainty over whether to pay the ransom stems from the scale of the attack, when it was detected, how quickly the business continuity plan goes into effect, when the last data backup occurred, and how extensive the encryption is.
Brendan Fitzgerald, HIMSS Analytics research director for Advisory Solutions, suggests educating end-users is more important than security tools or frequent data backups because prepared employees are better deterrents to hackers.
Fitzgerald added that most industry literature recommends not paying the ransom, but it really depends on the scope of the attack.
The survey included 61 responses from CIOs, chief information security officers, and IT directors.
More hospitals are being targeted by ransomware.
California-based Hollywood Presbyterian Medical Center paid $17,000 in bitcoin in February to regain access to its data after a ransomware attack left the hospital relying on paper record keeping for more than a week.
Later in March, two more hospitals were hit, but neither of them paid the ransom.
Ransomware hit MedStar Health System in late March, leaving its 10 regional hospitals in Maryland, with 30,000 employees and 6,000 physicians, unable to access EHRs for a week. MedStar said it was able to restore its computer system without paying the ransom.