Published: December 31, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
By now it’s long known that ransomware attackers have favorite targets, and those aimed at critical services are among the most victimized. These attacks often favor organizations like hospitals, city, and other government services for a reason. Any target having to do with these and other critical services are soft targets, likely to quickly pay a ransom demand to get their data returned and full services back up and running. In particular, the chaos these attacks bring to hospitals and healthcare is particularly heartless, putting lives at risk when patient health information and vital services come to a grinding halt.
And now the worst-case life or death scenario may have happened because of ransomware. Spoiler alert! This does not have a happy ending.
One Alabama hospital witnessed the worst of their active ransomware attack when a child was born during diminished monitoring services involving the birth. According to a lawsuit by the child’s mother, Springhill Medical Center, deep in the throes of a ransomware attack, failed to notify her that these critical services were not available for the birth of her child.
The tragic result of the impacted monitoring services, according to the suit, led to her daughter being born with severe brain and other injuries, ultimately leading to her death nine months later. The mother claims the hospital covered-up the attack and their limited services, saying had she known about it, she would have gone to a different hospital to deliver her baby.
The Cost Of Ransomware Attacks On Healthcare
According to UTHealth School of Biomedical Informatics, “Cybercriminals try every hospital, every day; every computer, multiple times a day.” says one professor. Comparitech finds in 2020, 92 different ransomware attacks meant over 600 hospitals, individual clinics and organizations and over 18 million patient records were affected. The estimated financial cost of these attacks reached nearly $21 billion. In general, ransomware demands varied from $300,000 to $1.4 million to restore encrypted data.
Not every healthcare provider, hospital or clinic can afford to bolster their cybersecurity, especially those in rural areas. But what all types of providers can do is backup their data at regular intervals. These backups can restore the data encrypted in a ransomware attack so services can quickly resume and paying a ransom demand is entirely avoided. However, these backups need to be done in a way they too won’t fail when needed.
Healthcare Ransomware Survival Tips
Perform regular data backups that are offline, separate from the system
Backups and the backup process should be regularly tested so they work properly when needed
Keep all data systems updated, including with the latest software and security patches
Have data systems checked for vulnerabilities including prevention and detection of cyberattacks
Have a plan in place to respond and mitigate ransomware attacks. It can help keep downtime, patient harm, and financial damage to a minimum
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at email@example.com