Ransomware is malicious software that denies access to data or systems until a ransom is paid. While it sounds like something out of a movie, it is a very real and widespread threat. Hackers don’t discriminate, they attack where they believe there is valuable data and individuals willing to pay to regain access to it. This makes healthcare organizations prime targets.
According to Cyber Pulse: The State of Cybersecurity in Healthcare, one in four healthcare organizations were hit by ransomware in 2018, and by 2020 that number is expected to quadruple. Healthcare organizations are prone to ransomware attacks because there is an increased likelihood of payment due to the life-threatening consequences that can arise when patient data and hospital systems cannot be accessed. It is no longer a matter of whether an organization will be hit by ransomware, but rather when. So what are the consequences for healthcare organizations infected with ransomware and how can healthcare organizations prepare for the inevitable?
The costly effects of a ransomware attack Behind the scenes, cybercriminals are continuously at work attempting to infect organizations’ hard drives all around the world with malware and ransomware through tactical phishing campaigns. Rather than targeting a single individual, attacks are directed at a large pool of people, in the hopes that a small percentage become infected. The phishing campaigns impersonate everyday services and communications, sharing fake documents or folders, in an attempt to infect computers. Once clicked, the system is then infected with ransomware, blocking their computer system or personal files. Hackers then demand ransom amounts that are not exorbitant to a single victim, but a rather sizable amount that is profitable and more likely to be paid than not.
The scary truth is that entire healthcare organizations are at risk of falling victim to ransomware, locking healthcare providers out of important patient data. Diagnoses, treatment plans, and patient history are all vital to ensure a patient receives the best care possible. When that information isn’t readily available, patients and providers are put in precarious positions. People’s lives depend on healthcare providers’ ability to access patient information. When that information isn’t accessible, there is an increased risk of medical errors, wasted time due to lack of efficient processes, and duplicate tests conducted to account for missing information.
