Ransomware attacks impact one out of 31 healthcare organizations on a weekly basis, according to Check Point Research. You might not be able to stop ransomware in healthcare but you can make it harder for cybercriminals to infiltrate your network.
Read this article — part of our Internet of Medical Things (IoMT) security playbook — to dive deep into the ransomware problem facing healthcare delivery organizations (HDOs). Discover what you can do to increase cyber resilience and ensure patient safety.
The gravity of potential disruption makes this critical sector more likely to pay ransoms to regain network and data access. As per The State of Ransomware in Healthcare 2022 Report, the ransom payment rate by healthcare is 61%, above the cross-sector average of 46%. Hospitals need to keep their systems up and running to avoid an impact on care delivery.
Ransomware has become a lucrative business model for cybercriminals. So how much money does ransomware make? The average ransom payment is almost a quarter-million dollars, according to a 2021 IDC survey.
With the rise of cryptocurrencies, it’s harder to trace payments. In addition, ransomware-as-a-service (RaaS) models enable the proliferation of those attacks, with certain ransomware gangs even specializing in healthcare.
Consider the example of Conti — a RaaS model variant in which attackers gain unauthorized access to hospital networks through spearphishing campaigns, stolen remote desktop protocol (RDP) credentials, and unpatched assets. The FBI identified at least 16 Conti attacks targeting U.S. healthcare and first responder networks. Conti typically steals victims’ files and encrypts the servers and workstations to force a ransom payment.
Ransom demands have been as high as $25 million. Paying ransoms, however, is a controversial decision. Gartner forecasts that, by 2025, 30% of nation-states will have laws regulating ransomware payments. In the U.S., authorities such as the FBI and Cybersecurity and Infrastructure Security Agency (CISA) advise victims not to make payments because there’s no guarantee they will regain access to their systems and data.
In 2021, the FBI received 3,729 complaints of ransomware, with victims reporting over $49.2 million in adjusted losses. The financial loss is not limited to the ransom itself.
Hospitals might have to stop receiving patients because they cannot access their systems and data. In addition, recovering from a breach and getting systems running again can take time. Transitioning to emergency protocols and implementing mitigation measures are equally onerous.
The impact of operational disruption can be understood in terms of:
Ransomware in hospitals brings costs to the organization’s reputation and may require public relations and crisis management efforts. As per a study commissioned by Armis, “49% of potential patients said that they would change hospitals if their healthcare organization was hit by a ransomware attack.” With patients switching to other facilities, there’s also a direct impact on hospital revenue.
Healthcare is a highly regulated sector. HDOs are subject to the Health Insurance Portability and Accountability Act (HIPAA), a national law that protects patient records. HIPAA-covered entities are required to notify authorities of breaches of unsecured protected health information (PHI) and are subject to fines for HIPAA violations.
No wonder healthcare has had the highest average data breach cost for 12 consecutive years, according to IBM Security’s annual Cost of a Data Breach Report 2022. The study also points to a long tail of costs: in highly regulated environments such as healthcare, only 45% of the breach costs are accrued in the first year, says IBM.
We are past the question of whether or not healthcare ransomware attacks can put lives at risk — the answer is yes. A report by Ponemon Institute highlights the life-or-death consequences of ransomware targeting healthcare, stating that “nearly one in four healthcare providers reported an increase in mortality rate due to ransomware.”
Longer hospital stays and delays in tests and treatments are among the top negative consequences of ransomware in healthcare.
Source: Ponemon Institute Research Report
A notorious example of ransomware shutting down hospitals and affecting patient care was the attack on the University Hospital Düsseldorf in 2020. In the case of this hospital attacked by ransomware, the computer systems crashed and the organization was unable to access data. As a consequence, an emergency patient who needed urgent admission had to be rerouted to another facility and sadly passed away.
For an in-depth look at the impact of medical device ransomware, watch our webinar:
According to a survey commissioned by Armis, 58% of the surveyed healthcare IT pros stated that their organizations have been hit with ransomware. With a target on their back, hospitals need to reinforce their security safeguards to minimize the risks of a healthcare cyberattack.
You can start your mitigation strategy by closing these top 3 hospital cybersecurity gaps:
Cyber hygiene is a set of cybersecurity best practices that help to maintain the security of your digital assets and minimize attacks. Updating your software, replacing legacy technology, and using strong passwords are a few examples.
Patching your systems is critical because software vulnerability exploits are one of the most common attack vectors. In fact, the WannaCry ransomware, which ravaged the healthcare sector, exploited unpatched Windows vulnerabilities.
Another important cyber hygiene measure is to back up your files and store them independently to avoid losses in case of a breach.
As per Verizon’s report, 82% of data breaches involve the human element — for example, falling victim to spearphishing or having credentials stolen. So it’s critical to train hospital staff on cyber risks and security best practices. Here’s what you can do:
One of the challenges of healthcare cybersecurity is to have a complete picture of all digital assets, including IT, OT, IoMT, and IoT devices. You cannot protect what you cannot see, but only 36% of Ponemon Institute’s ransomware report respondents say their HDOs know where all medical devices are.
Comprehensive asset visibility requires bridging the silos between clinical engineering and IT security. You need to track all devices as well as understand how they are used and which vulnerabilities they carry.
A critical element of a ransomware mitigation strategy in healthcare is to deploy an agentless cybersecurity solution that tracks all devices, including those that cannot accommodate security agents.
Your cybersecurity solution also needs to be always on, monitoring your environment passively and continuously. Traditional IT security techniques such as active scanning won’t work for hospital environments because they can cause crashes, which are especially dangerous in the case of sensitive medical devices touching patients.
Armis utilizes passive agentless technology to provide unified asset visibility and security for every managed and unmanaged IT, OT, IoMT, and IoT asset in your environment. Armis unites biomedical, security, and IT teams to identify all digital assets, assess and prioritize risks, and highlight mitigation information for improved healthcare cybersecurity.
Your team can understand vulnerabilities and what actions they should prioritize in order to stop attacks. For example, you can see which devices are unpatched or have outstanding FDA recalls. You can also integrate Armis with enforcement points such as NAC systems and firewalls for proactive network segmentation and automated incident response.
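The passive, agentless inventory-and-prioritization workflow described in the last few paragraphs (see the network, reconcile it with the clinical engineering inventory, surface unpatched and recalled devices, and hand segmentation candidates to NAC or firewall) can be illustrated with a small script. This is an added example, not Armis code and not a description of the Armis platform; the DHCP and flow lines, the OUI table, and the CMMS inventory are all constructed for the illustration, and the `patched` / `fda_recall` fields are assumed attributes of a hypothetical inventory export.

```python
"""Passive asset reconciliation for a hospital network (added example).

Everything below is constructed: the DHCP/flow capture, the OUI table and
the clinical-engineering (CMMS) inventory. No device is ever probed; the
inventory is built only from traffic observed off a SPAN port.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed passive observations: DHCP leases plus flow records.
PASSIVE_LOG = """\
dhcp mac=00:1a:2b:10:00:01 ip=10.20.1.15 host=INFUSION-PUMP-07
dhcp mac=00:1a:2b:10:00:02 ip=10.20.1.16 host=MRI-CONSOLE
dhcp mac=3c:4d:5e:20:00:03 ip=10.20.5.40 host=NURSE-WS-12
dhcp mac=aa:bb:cc:30:00:04 ip=10.20.5.41 host=
flow src=10.20.1.15 dst=10.20.9.2 dport=443 proto=tcp
flow src=10.20.5.41 dst=10.20.1.15 dport=445 proto=tcp
flow src=10.20.5.40 dst=10.20.9.2 dport=443 proto=tcp
"""

# Constructed OUI (first three octets) -> vendor class table.
OUI_VENDOR = {
    "00:1a:2b": "medical-device-vendor",
    "3c:4d:5e": "workstation-vendor",
}

# Constructed CMMS inventory keyed by MAC; field names are assumptions.
CMMS_INVENTORY = {
    "00:1a:2b:10:00:01": {"model": "Infusion pump", "patched": False, "fda_recall": True},
    "00:1a:2b:10:00:02": {"model": "MRI console", "patched": True, "fda_recall": False},
}


@dataclass
class Asset:
    mac: str
    ip: str
    hostname: str
    vendor: str
    peers: set = field(default_factory=set)  # (dst_ip, dport) pairs seen


def parse_passive_log(text):
    """Build an asset table from DHCP lines, then attach observed flows."""
    assets, ip_to_mac, flows = {}, {}, []
    for line in text.splitlines():
        kind, _, rest = line.partition(" ")
        kv = dict(item.split("=", 1) for item in rest.split())
        if kind == "dhcp":
            mac = kv["mac"].lower()
            assets[mac] = Asset(mac, kv["ip"], kv.get("host", ""),
                                OUI_VENDOR.get(mac[:8], "unknown"))
            ip_to_mac[kv["ip"]] = mac
        elif kind == "flow":
            flows.append(kv)
    for f in flows:  # flows are attributed to the source MAC, if known
        mac = ip_to_mac.get(f["src"])
        if mac:
            assets[mac].peers.add((f["dst"], int(f["dport"])))
    return assets


def reconcile(assets, inventory):
    """Compare what the wire shows with the CMMS and return prioritised findings."""
    findings = defaultdict(list)
    for mac, a in assets.items():
        rec = inventory.get(mac)
        if rec is None:
            if a.vendor == "unknown" and not a.hostname:
                findings["unidentified_on_network"].append(mac)
            elif a.vendor == "medical-device-vendor":
                findings["medical_device_missing_from_inventory"].append(mac)
            continue
        if not rec["patched"]:
            findings["unpatched"].append(mac)
        if rec["fda_recall"]:
            findings["fda_recall"].append(mac)
    for mac in inventory:  # listed in the CMMS but never seen: offline or unmonitored segment
        if mac not in assets:
            findings["inventory_not_observed"].append(mac)
    return dict(findings)


def smb_from_unmanaged_into_medical(assets, inventory):
    """Inventoried devices that received SMB (tcp/445) from a device absent
    from the inventory: candidates to isolate via NAC/firewall policy."""
    ip_to_mac = {a.ip: a.mac for a in assets.values()}
    hits = set()
    for a in assets.values():
        if a.mac in inventory:
            continue
        for dst_ip, dport in a.peers:
            if dport == 445 and ip_to_mac.get(dst_ip) in inventory:
                hits.add(ip_to_mac[dst_ip])
    return hits


if __name__ == "__main__":
    seen = parse_passive_log(PASSIVE_LOG)
    for key, macs in reconcile(seen, CMMS_INVENTORY).items():
        print(f"{key}: {', '.join(macs)}")
    print("segmentation candidates:", smb_from_unmanaged_into_medical(seen, CMMS_INVENTORY))
```

The point of the design is that every finding comes from two read-only sources, a traffic capture and an inventory export, so the script never sends a packet to a medical device; the "segmentation candidates" output is what you would feed to a NAC or firewall integration rather than act on by scanning.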
Looking for more information on how to minimize ransomware attacks in healthcare? Get in touch with our team to discover what Armis can do to shield your operations.
Ransomware is a type of malware that holds a company’s data or systems hostage. Attackers infiltrate the network, then start moving laterally to gain more control over the environment. Attackers encrypt files, lock the organization out of the system, and make a ransom demand to restore access or avoid leakage of sensitive data. Attackers claim that they will decrypt the data on receipt of payment, but that is not always the case.
Ransomware is a federal crime in the United States, so victims should report this type of cybercrime to federal authorities. Here’s how:
Contact the field offices of the FBI or the U.S. Secret Service.
File an online report with the FBI’s Internet Crime Complaint Center.
File an incident report with the Cybersecurity and Infrastructure Security Agency (CISA).