Federal agencies have issued recent warnings about the rise of ransomware designed to target the healthcare industry, intensifying the demand for cybersecurity to mitigate exposure and costly risks.
Disruptive, audacious and heartless. These are a few words that only begin to describe the recent news of cybercriminals unleashing extortion attempts to purposefully target the U.S. healthcare system. Since 2018, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released over 40 alerts, separately or combined, that detailed various ransomware threats that organizations in different industry sectors needed to be wary of, 7 of which directly addressed the healthcare industry.
A Cybersecurity Advisory (CSA) was released earlier in the year as part of an active #StopRandsomware campaign in an effort to “publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.” The specific alert focused on Royal ransomware, which, according to Malicious Life by Cybereason, “is a type of cyberthreat that uses a unique partial encryption approach that allows the threat actor to choose a specific percentage of data in a file to encrypt. This approach allows the actor to lower the encryption percentage for larger files, which helps evade detection.” The alert stated that Royal actors have made ransom demands that ranging from approximately $1 million to $11 million USD in Bitcoin—which is just one example of how damaging current cyberthreats can be to any organization.
The rise of cybercrime in healthcare
The threat of ransomware attacks is nothing new and cybercrime as a whole has been a steadily growing problem for consumers and businesses alike. According to WIRED, 2023 is the second largest year for ransomware revenue of all time, only surpassed by 2021, already seeing nearly $500 million in payments in the first 6 months.
Within the healthcare sector, the U.S. Department of Health and Human Services Office for Civil Rights has logged over 350 breaches that have affected over 44 million people within 2023 alone. A recent high-profile example is the HCA Healthcare breach—now known as one of the largest breaches in health care in history. HCA Healthcare operates over 180 hospitals across 20 different states. 11 million patients had their information stolen including names, addresses, appointment dates and more. With modern technological developments, cybercrime is only going to continue to increase in frequency, scope and complexity.
The risks and aftermath presented by healthcare-focused cybercrime have the capacity to be devastating. Cyber Magazine published findings that the damage costs from global ransomware are predicted to be more than $265 billion by 3031 and that cybercrime is building to cost the world approximately $10.5 trillion annually by 2025. These costs can arise from different sources, depending on the crime, industry and other factors, including damaged or stolen data, lost productivity, reputational harm and post-attack technological disruption.
The major risks of these attacks can vary from loss of patient trust to delayed delivery of services to patients to sheer mayhem as healthcare professionals have no choice but to conduct their jobs without the technology they so desperately need. But long after the attack, organizations are left to undertake costly remediation efforts by paying the ransom or recovering compromised systems, undergoing a forensic investigation and purchasing or updating security systems for future protection. Some have also had to deal with lawsuits as a result of the breaches and attacks that occur. Banner Health, an Arizonian healthcare delivery service, was hacked in 2016 and has recently had to pay $1.25 million to resolve a federal probe regarding noncompliance with HIPAA as a direct consequence of the hacking. This instance shows how a breach can follow a company for years after.
On top of all that, healthcare organizations have had to make drastic network changes in order to provide safe, contactless clinical care. Remote work environments were created seemingly overnight, and telehealth has become standard. Both of these changes have put an added security risk on hospital environments and the threat of increased ransomware attacks has IT departments scrambling. It is important, then, that organizations are properly preparing themselves within their human and machine parts for the real possibility of a ransomware attack.
How to mitigate risks
Cybersecurity has arguably become one of the most important initiatives for all industries, but especially within healthcare. When everything is connected, everything becomes vulnerable. To successfully defend against human-operated attacks, it is critical for hospitals and the public health sector to adopt new best practices and build robust information technology networks that are properly secured and defended against cyberattacks.
For healthcare organizations that are faced with compliance requirements around sensitive data, one crucial step to take is to create a clear picture of what your compliance strategy is today and where it needs to be tomorrow. The Windstream Enterprise IT Managed Services team offers deep knowledge in security to evaluate your network, pinpoint vulnerabilities and threats and provide security management as a service before you fall victim to an attack. Whether you are in the current process or have already undergone recent IT changes to enable your facilities to function in remote environments, now is an especially good time to review your strategy.
Our security experts have experience across multiple sizes and types of healthcare organizations and can help build your defense against such attacks with modern solutions like Secure Access Service Edge (SASE) and Security Service Edge (SSE). Advice from outside your organization can accelerate your cybersecurity defense and help uncover any vulnerabilities in your organization’s network.