In recent weeks, multiple industries have experienced the devastating consequences of ransomware attacks. The May ransomware attack on Colonial Pipeline, one of the biggest U.S. pipeline operators, triggered widespread shortages of natural gas and jet fuel. In June, the world’s largest meat processor closed nine US factories after being attacked.
These and other organizations that provide basic public services or infrastructure are becoming more common targets for ransomware attacks, in which system access is blocked, held hostage and restored only in exchange for a ransom. The reason bad actors target companies that are at the heart of American life is simple: when the stakes are high, entities are more willing to pay huge sums of money.
Kevin Mandia, chief executive of the cybersecurity company FireEye, said at a Wall Street Journal cybersecurity conference: “The pharmaceutical industry, hospitals, healthcare, public companies, organizations that do not have the ability and skills to protect themselves - they are being hit hard.”
Weaknesses in healthcare
In the healthcare sector, the immediate, uninterrupted availability of patient data is essential to providing quality care, and ransomware attacks put organizations in a difficult position: they can reward and encourage criminals by paying a ransom, or leave the quality of care hanging in the balance while limited internal staff struggle to regain access to the system. Hospitals and health systems that choose the latter, resisting the ransom, may be locked out of their electronic medical records for weeks. Since the EHR plays a central role in determining the patient’s course of treatment, coordinating care, and ensuring compliance with the treatment plan, blocked access can be devastating from a quality perspective.
However, the damage from a health data hostage situation may extend far beyond point-of-care issues. Patient records contain immutable, highly sensitive information that can be used for identity theft and other types of fraud long after the records are first compromised. It is therefore not difficult to understand why, according to the Wall Street Journal professional research cybersecurity survey, healthcare organizations are among the most likely to consider paying a ransom to restore data access in the event of an attack.
Although the prospect of a quick resolution makes hospitals and health systems more inclined to pay the ransom, the immense sensitivity of patient data means that these organizations are also often required to pay high fees to retrieve it. In 2020, ransomware attackers demanded amounts ranging from US$300,000 to US$1.14 million from medical institutions, according to HIPAA Magazine; the average demand was US$169,446. Over the course of that year, amid the pandemic, medical institutions paid $2,112,744 to ransomware gangs, and that was only the publicly disclosed amount. The real number may be much higher.
As an industry that has long struggled to control costs, healthcare simply cannot afford to lose millions of dollars each year. This is especially true as organizations continue to fight the pressures associated with Covid-19. Unfortunately, hackers have become bolder and more creative in their strategies for exploiting lucrative patient data. As long as they can make money, ransomware gangs will continue to pursue healthcare and other critical infrastructure in creative ways.
Pay attention to privacy threats
The rise of ransomware has brought patient data privacy issues to the forefront, but it is far from the only privacy threat to healthcare. According to our Traceability data, although 62% of violations in 2020 were related to hacking, healthcare insiders themselves accounted for 1 out of every 5 violations. This combination shows that many individuals and entities want to obtain patient data for various reasons, from the innocent (for example, accidentally clicking on the wrong record) to the malicious (stealing records for sale on the black market).
Nevertheless, due to the complexity of the industry, medical institutions are very slow to adopt new technologies and, unfortunately, are not yet prepared to deal with the myriad threats to patient privacy. Despite employing hundreds or even thousands of caregivers who interact with EHRs every day, many health systems still try to detect potential data abuse through sporadic, manual review of only a small portion of accesses. While it is also necessary to defend against violations by external actors, compliance teams that rely on manual audits will inevitably fall behind.
As the guardians of highly personal and coveted data, hospitals and health systems should view recent cross-industry ransomware attacks as a motivation to better protect their institutions. By replacing manual processes with artificial intelligence-driven automated analysis, healthcare organizations can position themselves to maintain patient trust and financial stability.