Takeaway: With ransomware attacks increasing over the past few years, healthcare organizations can expect hackers to make ransom demands while holding their computer systems hostage.
Everything comes back in style. In the 90s, computer hackers learned how to infiltrate networks, hold them hostage, and demand payment to make them functional again. Recently, this strategy has resurged in the healthcare industry, potentially placing people’s lives at risk.
From 2021 to 2022, the number of ransomware attacks on healthcare organizations skyrocketed by 94%. This resulted in two-thirds of healthcare organizations in the U.S. experiencing some form of a ransomware attack in 2021, up from 34% in 2020. According to cybersecurity experts, ransomware attacks on healthcare organizations were always common. But it is the increase in frequency and severity of these attacks now that is worrisome.
These attacks can have devastating consequences. Most recently in San Diego, California, treatments at a chemotherapy facility were delayed and, at another healthcare facility, ambulances were diverted from the emergency room after computer systems were frozen by an attack. In 2021, the first lawsuit alleging “death by ransomware” occurred where a mom sued a hospital for fatal brain damage to her newborn after heart rate monitors failed because of an attack.
Healthcare facilities are high-profile targets because attackers know the facilities are willing to pay high ransoms to safeguard people’s lives. In fact, 61% of healthcare organizations paid attackers ransom to resolve a ransomware attack in 2021.
Most of these attacks are carried out by private criminal groups. Conti, a crime syndicate out of Russia, was traced back to 30% of ransomware attacks in 2021. And just two weeks ago, the FBI revealed in June that it successfully thwarted an attack from Iran on a children’s hospital in Boston.
As this unsophisticated tactic of the recent past resurfaces, organizations that utilize or transmit private health information must ensure that they are prepared. This may include implementing more comprehensive security systems, conducting employee training, or revamping their data security policies to minimize the threat of data breaches.
Here are additional articles about the latest health system data breaches: