March 08, 2021
4 Min Read
Threat actors are taking full advantage of today’s uncertain times by launching a wave of new cyber-attacks, leveraging tactics such as phishing, ransomware, and credential stuffing. Ransomware attacks alone — in which hackers take over an organization’s computer systems and demand ransom payments to return them — have seen a dramatic uptick amid the COVID-19 pandemic. Cybersecurity Ventures estimates that organizations will fall victim to a ransomware attack every 11 seconds by 2021, up from every 40 seconds in 2016.
Ransomware has a major impact since encrypting and blocking access to sensitive data can shut down an organization’s entire business operations, causing major financial damages. According to IBM's Cost of a Data Breach Report 2020, the average cost of ransomware attacks is about $4.44 million, which is higher than the average cost of a traditional data breach ($3.86 million) or malicious breach ($4.27 million).
The impact of these type of attacks is even bigger for healthcare organizations, as they are dealing with a vast amount of highly sensitive data which needs to remain current and accurate, as life or death decisions may depend on it. Thus, it is not surprising that according to the US Healthcare Cybersecurity Market 2020 - Frost Radar Report more than 90% of all healthcare organizations reported at least one security breach over the last three years in the United States. Threat actors see healthcare providers as prime targets because their systems (e.g., virtual care platforms, remote patient monitoring devices, diagnostic systems, and ICU ventilators) are crucial to patients' wellbeing, making them more likely to pay a ransom.
A good example for this is last year’s ransomware attack on Universal Health Services (UHS), a Pennsylvania-based healthcare provider operating about 400 facilities. The ransomware attack forced the company to shut down its IT network at multiple hospitals across the country and divert patients to other facilities. However, such actions can prove fatal, as another security incident in Germany illustrates. A female patient died after Düsseldorf University Clinic's servers were encrypted, which necessitated that she be relocated to a hospital 20 miles away.
Basic Steps to Increase Cyber Resilience
The following fundamental measures can help healthcare organizations minimize their exposure to ransomware attacks:
The Power of Absolute
Beyond these generic preventive measures, organizations must pay special attention to the state of their endpoints, as those devices are often the launchpad from which ransomware spreads across the network. Thus, it is essential to assure that all endpoints on a healthcare organization’s network are healthy and that all applied security controls persist. In doing so, healthcare organizations can significantly reduce a threat actor’s attack surface and in turn minimize the cyber risk exposure.
In this context, Absolute helps healthcare organizations provide the necessary visibility, defense, and response tools to protect against and respond to ransomware attacks. Leveraging the power of Absolute technology, healthcare organizations can:
Ultimately, selecting an endpoint resilience solution like Absolute is one of the most critical technology investments a healthcare organization can make to minimize their cyber risk exposure. To check out more details, please visit our healthcare solutions page.
Share this article