August 5, 2021

1/3 of Healthcare Organizations Paid Ransom to Restore Their Data

Bones Ijeoma

CEO and co-founder

Ransomware is a serious threat to healthcare organizations. Find out how it works, why it targets healthcare, and how to prevent and recover from an attack.

People depend on hospitals, clinics, medical offices and other healthcare providers to be there when they need them the most. In turn, healthcare organizations depend on technology to be able to provide care. It is an industry where 24-hour availability of services is, quite literally, a life or death matter. For healthcare organizations, IT downtime is not only unacceptable but potentially threatening to human lives. Perhaps this is why 34% of healthcare organizations attacked by ransomware in the past year admitted to paying the ransom to try to get their data back and minimize disruption to services.

Sophos, a leading cybersecurity company and AllSafe IT partner, published a report on The State of Ransomware in Healthcare 2021. The survey of 328 IT decision makers across the globe revealed that 34% of organizations surveyed were hit by ransomware in the past year. Of those, 65% said that the cybercriminals were able to encrypt their data, making it unavailable and essentially useless. As mentioned above, 34% – over a third – of these paid a ransom to recover their data. Again, part of this is because of the urgency to get their systems back so they could continue service.

But alarmingly, another reason that healthcare organizations elected to pay up is that they were less prepared to restore from backup. The report showed that only 44% were able to use backups to restore their data, compared to the global average of 57% for other industries. Of all industries surveyed, healthcare ranked second lowest in its ability to restore from backup.

As for costs, the average ransomware payment was $131,304. However, paying the ransom is a poor strategy. Healthcare organizations reported that they only received an average of 69% of their data back after paying up. The remaining third of their data stayed encrypted and therefore inaccessible. Across industries, only 8% said that they got all their data back after paying the ransom.

But the ransom itself is only a small fraction of the total cost required to recover from a ransomware attack. When figuring the total cost, including downtime, loss of business, device and network costs, etc., healthcare organizations spent an average of $1.27 million in recovery costs after a ransomware attack.


Why is the Healthcare Industry So Vulnerable?

The Health Sector Cybersecurity Coordination Center (HC3) is an entity created by the United States Department of Health and Human Services to identify and communicate cybersecurity risks with the healthcare and public health (HPH) sector. So far, HC3 has tracked 82 ransomware incidents impacting healthcare in 2021 (as of May 25). This includes the attack on the Irish healthcare system, which forced major disruption and cancellation of non-critical services. Of the 82 ransomware attacks logged in 2021, 48 were in the United States and 10 were in California.

One reason for the uptick in cases is that healthcare organizations don’t tend to prioritize their spending on IT security. In fact, hospitals are notorious for investing only one-tenth of the amount spent by other industries on technology and cybersecurity. As a result, their IT systems tend to be outdated and end-of-life, lacking the latest security patches.

Healthcare records contain sensitive personal data, including patients’ identification info, medical histories, prescriptions, diagnoses, financial info, etc. This makes them extremely valuable to scammers and identity thieves.

These factors, combined with the inherently urgent nature of healthcare services, make the healthcare industry an attractive and easy target for cybercriminals.

What can Healthcare Organizations do to prevent or mitigate an attack?

AllSafe IT recommends the following best practices:

  • Deploy a multi-layered stack of security solutions like AllSafe IT’s Safe Total, which includes endpoint protection, advanced email security, multi-factor authentication, security awareness training and compromised credential monitoring.
  • Implement Backup and Disaster Recovery (BDR). Restoring from backup is the easiest, cheapest and most reliable way to restore data after an attack.
  • Make sure you’re HIPAA compliant. According to the U.S. Department of Health and Human Services, being HIPAA compliant can help prevent ransomware or help organizations recover from ransomware.
  • Assume you will be hit. We only hear about huge corporations in the headlines, but healthcare providers of all sizes are targeted. Do everything you can to avoid an attack, but also be prepared for the worst.
  • Have a malware recovery plan. Speaking of preparing for the worst, make sure you have an incident response plan in place. This will enable healthcare IT teams to quickly mobilize when a ransomware attack starts and may even be able to stop an attack before data can be encrypted.
  • Don’t pay the ransom. Organizations that pay ransom only have an 8% chance of getting all their data back. This is a very poor return on investment indeed.

AllSafe IT is proud to have spent over 15 years providing IT services to hundreds of companies—many of those within the healthcare industry. Our specialized services are uniquely tailored to healthcare IT support to provide our customers with the reliability, protection, and fast services needed to ensure 100% uptime, maximized data security, and importantly, resources for comprehensive HIPAA compliance. From comprehensive and preventative cybersecurity strategies to 24/7 customer support to multi-layered HIPAA compliance, AllSafe IT understands the robust—and unique—needs of healthcare businesses.