According to a recent report, ransomware attacks relating to healthcare have increased 300% since 2015, with approximately 4,000 daily attacks targeting healthcare organizations. It was also recently reported that over 88% of ransomware attacks are directed at hospitals.
Despite the fact that patient data sells for more than anything else on the black market, the price of EHR is declining on the dark web. As a result, cyber criminals appear to be launching an increased number of attacks in order to acquire the same monetary returns. However, there is more at risk than just money. Patient safety, integrity, organization reputation and goodwill value can all be affected, not to mention the increasingly high cost of security breach fines.
What is Ransomware?
Ransomware is malicious software that is designed to block a computer system or encrypt data until a set of instructions is followed or a sum of money is provided. It often invades the computer through a spam link or by activating macros in a malicious document. The general recommendation is that the ransom should not be paid, as there is no guarantee of the data being decrypted or returned.
As outlined above, healthcare organizations are a constant target of cyber attacks, frequently in the form of ransomware, with cyber criminals looking to gain access to all of the data, medical or otherwise, within the entity’s system. Once the system is invaded, the attackers may have access to all the organization's highly sensitive data. The influx of EHRs is leading to an increase in ransomware attacks, as cyber criminals look for ways to continue making money from the healthcare industry. Prevention methods and backups are key for survival and for protecting any organization.
Prevention is absolutely the best security measure any organization or individual can take. Organizations need to create and implement a prevention plan with several distinct elements. Unfortunately, with data security, there’s no one clear set of measures that will be suitable for every organization. Many issues particular to a given organization need to be addressed to prepare for cyber attacks.
It is worth investing in technology that can help to locate any vulnerabilities that could make an organization more susceptible to an attack, especially those that can help screen emails/messages for potentially malicious files. All healthcare organizations must use secure networks and ensure all staff with access to EHR have strong passwords. In terms of staff communicating with one another, it is wise for an organization to invest in a secure messaging solution or communication platform. Training staff and users to be aware of ransomware is vital in ensuring better protection. It is interesting to note that whilst HIPAA does not directly address ransomware, following the measures for the Security Rule does lay down a good foundation for data security.
The biggest thing any organization can do is to have regular back-ups of all data, allowing healthcare professionals access to records and the ability to continue to provide treatment and care. Investing in strong prevention measures, like encrypting data for software used by employees, may help decrease the chances of a ransomware attack, but there is no guarantee it won’t happen. Frequently and consistently backing up records puts your organization in a stronger position to recover should something happen. Cybersecurity must now be a critical part of wider disaster plans to ensure organizations are ready to respond to any attacks.