Healthcare becoming a Ransomware Magnet. Why?

            1. Sensitive Patient Information

            The foremost reason healthcare organizations are becoming a ransomware magnet for malicious actors
            to  exploit  is  the  sensitive  patient  information.  According  to  research  by  Rubrik,  a  typical  healthcare
            organization  has  more  than  42  million  sensitive  records  –  50%  more  sensitive  data  than  the  global
            average of 28 million. This data is lucrative for cyber criminals and often the reason they target healthcare
            organizations.  Once these  malicious  actors get access  to such data,  they can use it for various  gains
            such as financial frauds, identity theft.

            2. Legacy Software Systems

            Ransomware  attacks  are  also  prevalent  in  healthcare  due  to  their  outdated  systems.  Healthcare
            organizations  don't  update  their  systems  often  because  it  disrupts  operations.  Updates  protect  these
            organizations  by patching  their security  vulnerabilities.  If these  vulnerabilities  aren’t  fixed  in time, they
            can convert into data breaches. In fact, according to Sophos, in 29% of ransomware  attacks, exploited
            vulnerabilities  are  the root  cause  of  the attack.  Hence,  making  them  easy  entry points  for hackers  to
            infiltrate and cause disruption. Want to secure your medical devices from such attacks? Learn more about
            our medical device cybersecurity.

            3. Staff Unawareness


            Healthcare  staff remains to be a weak link against cybersecurity  attacks like ransomware  for hospitals.
            When  it  comes  to  ransomware  attacks  your  staff  can  play  a  huge  role  in  avoiding  it.  Credentials
            compromise (32%), Email based attacks (malicious links or phishing) in over one third of cases were the
            root cause of

            ransomware attacks according to Sophos. All these attacks can be minimized if your healthcare staff is
            more aware of the cyber-threatening  landscape like phishing attacks.



            The Impact of Ransomware on Healthcare Organizations

            1. Financial Loss

            The first point of impact that healthcare organizations face post a ransomware attack is the ransom they
            must pay to recover the data or the system. In 2023, as per The Global Healthcare Cybersecurity Study
            2023,  26%  of  healthcare  organizations  had  to  pay  money  as  ransomware  payments.  Data  retrieval
            becomes an important aspect of healthcare as operations are impacted due to a ripple effect.

            2. Data Loss

            The second impact that a healthcare organization  faces post a ransomware  attack is the data loss. As
            per  a Sophos  report,  in  the year  2023,  in more  than  one-third  of  the cases  (37%)  after  the data  was
            encrypted during a ransomware  attack, the data was stolen as well. This “double-dip  method” has also
            become quite common by cyber attackers over the years. This data is then used for financial frauds and





            Cyber Defense eMagazine – August 2024 Edition                                                                                                                                                                                                          227
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.