According to IBM’s Cost of Data Breach Report 2024, the global average cost of a data breach this year reached $4.88 million, an increase of 10% compared to 2023.
For the healthcare industry, this report provides both good and bad news. The good news is that the average cost of a data breach has decreased by 10.6% this year. The bad news is that for the 14th year in a row, the healthcare sector has topped the list for the most expensive breach recovery costs, with an average cost of $9.77 million.
Ransomware plays a key role in creating this cost difference. As data from the Office of the Director of National Intelligence points out, the number of ransomware attacks nearly doubled from 2022 to 2023. Meanwhile, recent large-scale attacks, such as those against Change Healthcare and Ascension, demonstrate the effectiveness of these attacks. It’s about hackers getting what they want.
The result? Ransomware is on the rise. Here’s what healthcare organizations need to know about why ransomware works so well, what attackers want, and how past breaches are driving future trends.
Why ransomware works in healthcare settings
Medical data is valuable not only economically but also physically.
Consider a ransomware attack that finds and encrypts patient data. In the best-case scenario, a patient’s treatment plan is temporarily delayed or put on hold. In the worst-case scenario, lives are at risk because staff are unable to access critical patient information.
When healthcare companies draw the line and refuse to pay, they’re not just dealing with financial and operational issues; they may also be putting patients at risk. This creates a dual pressure problem, with both executives and patient families pushing IT teams to meet the attackers’ demands rather than attempt to recover the compromised data. As a result, healthcare companies are more likely than other industries to pay a ransom, even though there is no guarantee that the data will be decrypted or that the attackers will not try again.
The road to compromise
While internal issues such as human error and IT failures account for 26% and 22% of healthcare attacks respectively, 52% were caused by malicious actors.
According to a report by the Office of Information Security and the Health Sector Cybersecurity Coordination Center (HC3), the main attack vectors for the healthcare sector include social engineering, phishing attacks, business email compromise (BEC), distributed denial of service (DDoS), and botnets.
A compromise via any of these vectors provides an opportunity for cybercriminals to download and install ransomware. In the case of attacks such as phishing and email compromises, it can take days, weeks, or even months for an organization to realize it has been compromised.
Lack of IT talent also makes it easier for attackers to penetrate healthcare networks. As noted in a recent study by CDW, only 14% of healthcare organizations say their IT security teams are adequately staffed. About half say they need more help, and 30% say they are understaffed or severely understaffed. This leaves many businesses in a state of continuous cybersecurity triage, leaving them one step (or more) behind malicious attackers.
What the attacker is aiming for
Attackers look to encrypt and steal all data, making it difficult for healthcare organizations to perform key tasks and putting them at risk of regulatory breaches.
This includes electronic medical records (EMR) that contain patient information such as treatment plans, financial information, insurance details, and social security numbers. Attackers can also prevent staff from accessing key solutions, such as scheduling tools, or cut off connections to key cloud services.
In other words, attackers want anything they can sell and anything they can use to force immediate action. Consider a financial company. If protected documents are compromised, financial companies can suffer financial and reputational losses. In healthcare, on the other hand, compromise can lead to serious injuries and loss of life, both critical events that make it virtually impossible for an organization to regain a solid reputation in the industry.
Hackers see, hackers do.
Ransomware attacks are on the rise, in part because hackers are repeatedly successful.
For example, in February 2024, Change Healthcare suffered a ransomware attack orchestrated by a group known as BlackCat. Rather than risk losing critical data, Change paid the attackers $22 million. According to a recent NPR article, the company’s total losses from this incident could exceed $1.5 billion.
Three months later, another ransomware group attacked Ascension, a Catholic health system with 140 hospitals in 10 states. Healthcare providers were locked out of critical systems that help track and coordinate patient care, including information about drug types, dosages, and potentially problematic reactions. The return to paper helped Ascension manage the impact, but it significantly slowed down the operational process.
The continued success of ransomware attacks creates opportunities for both skilled and not-so-skilled attackers. Attackers with coding talent can write their own code and combine it with existing malware tools, while unskilled attackers can purchase ready-to-use ransomware packages on dark web marketplaces.
How healthcare companies reduce ransomware risk
Mitigating ransomware risk requires a two-part approach that includes protection and detection.
Protection includes the use of anti-spoofing and email verification tools that can reduce the number of potentially fraudulent messages that reach users’ inboxes. For example, businesses can flag certain phrases such as “emergency measures” or “funds transfer” to limit the risk of phishing attacks.
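As an added illustration (not part of the original article) of the protection layer described above, the following toy triage script scores a raw email on two header checks an email-verification gateway would already have recorded (an SPF/DKIM failure on a sender claiming to be internal, and a Reply-To that redirects the conversation to another domain) plus the phrase flagging the article mentions. The domain `hospital.example`, the scoring weights, the threshold of 3 and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Phrases the article cites as worth flagging, plus one constructed urgency cue.
SUSPICIOUS_PHRASES = ("emergency measures", "funds transfer", "act immediately")
INTERNAL_DOMAIN = "hospital.example"  # constructed placeholder for the organization's own domain

def _domain(header_value):
    _name, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()  # '' when the header is absent

def score_message(raw):
    """Return (score, reasons): header findings weigh 2, wording findings weigh 1."""
    msg = message_from_string(raw)
    score, reasons = 0, []
    from_domain, reply_domain = _domain(msg.get("From")), _domain(msg.get("Reply-To"))
    # Anti-spoofing: read the verdict the border MTA recorded in Authentication-Results.
    auth = (msg.get("Authentication-Results") or "").lower()
    if from_domain == INTERNAL_DOMAIN and ("spf=fail" in auth or "dkim=fail" in auth):
        score, reasons = score + 2, reasons + ["internal sender failed SPF/DKIM"]
    # A Reply-To pointing elsewhere silently redirects replies to the attacker (classic BEC).
    if reply_domain and reply_domain != from_domain:
        score, reasons = score + 2, reasons + [f"Reply-To domain {reply_domain} != From domain {from_domain}"]
    # Wording check over subject and body (single-part plain-text messages only in this toy).
    body = "" if msg.is_multipart() else msg.get_payload(decode=True).decode(errors="replace")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    for phrase in SUSPICIOUS_PHRASES:
        if phrase in text:
            score, reasons = score + 1, reasons + [f"phrase: {phrase!r}"]
    return score, reasons

def should_quarantine(raw):
    return score_message(raw)[0] >= 3  # assumed threshold: hold for analyst review

# Constructed sample messages (not real mail).
SAMPLE_BEC = """\
From: CFO Office <cfo@hospital.example>
Reply-To: cfo.office@hospital-payments.example
Authentication-Results: mx.hospital.example; spf=fail smtp.mailfrom=hospital.example; dkim=none
Subject: Emergency measures - funds transfer today

Please process the funds transfer before noon. Act immediately.
"""
SAMPLE_OK = """\
From: Lab Scheduling <lab@hospital.example>
Authentication-Results: mx.hospital.example; spf=pass; dkim=pass
Subject: Tomorrow's draw schedule

The 8am slots are posted on the intranet.
"""
```

Phrase lists alone are easy to evade, which is why the header checks carry more weight than the wording; in production the verdicts would come from the gateway's own SPF/DKIM/DMARC evaluation rather than a string search.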
Meanwhile, AI and automated tools can help organizations reduce the time needed to detect and mitigate attacks. Healthcare companies using AI and automation tools have been able to detect and contain incidents 98 days earlier than average, said Brendan Foulkes, IBM’s global industry technology leader for healthcare. Additionally, companies using these solutions saved an average of nearly $1 million.
Beware of “wear”
Ransomware attacks against healthcare organizations continue to increase as cybercriminals realize the value of operational and patient data as leverage to coerce affected companies.
While it’s impossible to completely eliminate the risk of ransomware, companies can use email protection tools and AI to automate key processes and pinpoint potential problems before relevant patient data is compromised. Combining protection and detection solutions can reduce the likelihood of a breach.