Keep up with the latest news, advice and industry insights.

Ransomware in the Healthcare Industry

As COVID-19 cases decrease, the healthcare systems are facing an increase in new viruses.

While the healthcare industry continuously faces various challenges each day, events in 2021 have made it clear that the industry is being targeted like never before and is under attack – quite literally. Ransomware attacks on the healthcare sector are on the rise, with a recent report indicating that 34 percent of healthcare organizations were hit by ransomware attacks in the past year. The global survey was issued by cybersecurity company Sophos to 328 healthcare IT decision-makers.

For background, ransomware is a type of malware that infects systems and files, rendering them inaccessible until a ransom is paid. When this type of attack hits healthcare organizations, there are several potential consequences:

  • Threats to patient privacy
  • Financial costs associated with paying the ransom and business recovery
    • The average cost of rectifying a ransomware attack could be $1.27 million
  • Critical processes are slowed or become completely inoperable
  • Lower care quality as internal staff works to regain system access
  • Reputation damage affecting the future of the organization
  • Loss of patient data

The current state of ransomware in healthcare can point back to the challenges that healthcare IT faces when it comes to resources and finances. Healthcare organizations are often understaffed – a circumstance that has only worsened during the pandemic. Additionally, many healthcare organizations don’t want to issue funds for cybersecurity when those funds could be put toward medical resources that impact patient care more immediately. While some healthcare organizations have adopted modern equipment, some still use legacy equipment, potentially giving attackers an easy entry point.

Unfortunately, ransomware attacks will likely continue to go after healthcare and while there is nothing that can be done to completely prevent these incidents, healthcare organizations can minimize the impact of an attack with a malware incident recovery plan. Since there is a high awareness of ransomware in healthcare, organizations are taking action to mitigate the situation. The report found that 89 percent of healthcare organizations have a malware incident recovery plan.