25% of Healthcare Organizations Said a Ransomware Attack Forced Them to Completely Halt Operations
Ransomware attacks continue to plague the healthcare industry. The attacks disrupt operations due to essential IT systems being taken offline, the lack of access to electronic health records causes patient safety issues, and it is common for emergency patients to be redirected to other facilities immediately after attacks and for appointments to be postponed.
Recently, cybersecurity firm Trend Micro conducted a study to investigate the impact ransomware attacks are having on healthcare organizations. The survey was conducted on 145 business and IT decision-makers in the sector, with a more extensive global study on the ransomware threat conducted by Sapio Research on 2,958 IT security decision-makers in 26 countries.
Trend Micro reports that 25% of all data breaches now involve ransomware. Between 2017 and 2021, ransomware attacks increased by 109%, and 2022 has seen a 13% year-over-year increase in attacks. These attacks are having a major impact on healthcare organizations, which have been actively targeted by several ransomware gangs.
57% of healthcare organizations said they had experienced a ransomware attack at some point in the past 3 years. 86% of healthcare organizations that suffered a ransomware attack suffered operational outages as a direct result of the attack, with 25% of organizations that experienced an attack forced to completely halt operations. 60% said that some business processes were disrupted due to the attack.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The recovery time from these attacks can be considerable, with healthcare organizations continuing to face disruption to their services for extended periods. 56% of organizations represented in the survey said it took several days to recover from the attack, with almost a quarter (24%) saying it took weeks to fully restore operations after an attack.
Data theft is now common in ransomware attacks, with threats issued to publish or sell the stolen data if the ransom is paid. This tactic has proven so successful that some cybercriminal groups have abandoned ransomware altogether and now just steal data and threaten to publish if payment is not made. 60% of responding organizations said sensitive data was stolen and leaked by the attackers, with the data theft and leakage leading to reputational damage, compliance risks, and increasing the investigation, remediation, and clean-up costs.
The research indicates healthcare organizations have been taking proactive steps to counter the threat and improve their defenses. 95% of responding organizations said they are patching promptly to address software vulnerabilities, 91% have implemented additional controls to prevent malicious email attachments from being delivered, and adoption of advanced detection and response tools for their network (NDR) and endpoints (EDR) is growing, as is the use of extended detection and response (XDR) solutions.
There is also considerable concern about supply chains. 43% of respondents said their partners have made them more attractive targets for attacks, 43% said they lack visibility across the ransomware attack chain which is making them more vulnerable, and 36% said the lack of visibility across attack surfaces which has made them a bigger target.
However, the survey revealed several security gaps. For instance, 17% of respondents did not have any remote desktop controls in place, despite RDP vulnerabilities commonly being exploited to gain initial access to healthcare networks. There is considerable room for improvement concerning threat intelligence sharing, with 30% admitting to not sharing threat intelligence with partners, 46% do not share threat information with suppliers or the broader ecosystem, and one-third (33%) said they do not share any information with law enforcement.
Only 51% of organizations use NDR, 50% use EDR, and 43% use XDR, with only 46% of organizations monitoring for living-of-the-land techniques such as the malicious use of tools such as MimiKatz and PsExec. Only 42% say they can detect initial access and just 32% can detect lateral movement.
“In cybersecurity, we often talk in abstractions about data breaches and network compromise. But in the healthcare sector, ransomware can have a potentially very real and very dangerous physical impact,” said Bharat Mistry, Technical Director at Trend Micro. “Operational outages put patient lives at risk. We can’t rely on the bad guys to change their ways, so healthcare organizations need to get better at detection and response and share the appropriate intelligence with partners to secure their supply chains.”
