By Anthony Cusimano, technical director, Object First.
There’s no sugarcoating it: cybercriminals are attacking the US healthcare industry. The FBI announced recently that healthcare suffered more ransomware attacks than any other industry in 2022.
As healthcare professionals, the ultimate goal is to provide safe and efficient patient care. Consistent and accurate access to electronic health records is a massive part of this objective, which any data disruption can harm. Once a threat actor is inside a system, they can disrupt operations by exfiltrating data, locking or deleting files, and encrypting data until a ransom is paid. Healthcare organizations should be aware of ransomware’s threat, no matter the institution’s size, and plan to protect its data.
A rampant threat
The focus on healthcare as a target for ransomware attacks has been building for some time. From 2016 to 2021, ransomware attacks against US healthcare organizations more than doubled. But now, cybercriminals gangs are becoming more innovative, using new techniques to get into networks, evade detection, and encrypt files.
In February, the Health Sector Cybersecurity Coordination Center warned healthcare systems of a new ransomware variant targeting the industry: MedusaLocker. The group took advantage of the COVID-19 pandemic to infiltrate and encrypt healthcare systems. Ransomware variants like MedusaLocker, including Royal and Clop, make healthcare their primary target because of the wealth of personal information available in these systems. Additionally, healthcare organizations often have less robust IT/cybersecurity departments than other industries, such as the technology or financial sectors, due to staffing shortages, lack of funds, and outdated tech.
But ransomware isn’t the only thing that can take down a healthcare practice. Natural disasters, such as flooding or inclement weather, or human error, such as an employee accidentally deleting an important file, can happen just as unexpectedly. All hospital IT departments and independent practices should have a data backup and recovery plan to protect sensitive electronic medical records and keep patient care running smoothly and safely. However, often these departments only have the resources to implement solutions that run unmonitored in the background. Without a proper plan, this leaves them vulnerable when data disruptions occur.
While all of this may seem disheartening, actions are within our control. Consider these steps to be prepared for when data disruption strikes.