By Ilia Sotnikov, vice president of product management, Netwrix.
New warnings from the FBI report “an increased and imminent cybercrime threat” to U.S. hospitals and healthcare providers. Experts say the ransomware, called Ryuk, was seen by at least five U.S. hospitals in October. This isn’t unexpected.
In fact, recent research has found that every third healthcare organization experienced a ransomware attack during the past few months. This is the highest exposure across all industries surveyed, above education, finance and public sector. It has disrupted patient care at up to 510 facilities.
So with cyberattacks in healthcare at their peak, it’s time to take heed, particularly since ransomware in the healthcare sector impacts not only money and reputation but also human health and lives. And with the current pandemic, healthcare organizations are more vital and fragile than ever.
Today’s healthcare depends strongly on IT; without access to health data and IT systems, doctors cannot provide treatment to patients or make decisions. What is worse, if intensive care units and life-support devices, which are typically connected to the network, are blocked by ransomware, the lives of critically ill patients are put at risk. Such damage is incomparable to losses in reputation and money, though those losses still follow for healthcare organizations just as they do in other industries.
One of the common reasons the healthcare industry is vulnerable to ransomware is the frequent use of legacy systems that can be easily exploited by hackers. Hospitals are made even more vulnerable to cybercrime by understaffed IT departments. This makes them prone to errors, particularly as they face additional pressure and the demand to support remote work due to the pandemic.
In fact, 39% of healthcare organizations suffered from admin mistakes during the past few months. Such mistakes might include improper configuration changes or failure to install updates in a timely manner, which result in vulnerabilities.
The sad reality is that any hospital might fall victim to ransomware. Therefore, it makes sense to prepare for the worst-case scenario, taking into consideration the shortage of resources that organizations in the health sector face. Here are five major areas to focus on: