As per the IBM Cost of a Data Breach Report 2024, the worldwide average expense of a data breach hit $4.88 million this year, marking a 10% surge from 2023.
For the healthcare sector, the report provides positive and negative news. The positive aspect is that mean data breach expenses decreased by 10.6% this year. On the other hand, the negative aspect is that for the 14th consecutive year, healthcare leads the list with the highest costly breach recoveries, averaging at $9.77 million.
Ransomware contributes significantly to creating this cost variance. As highlighted by information from the Office of the Director of National Intelligence, the count of ransomware attacks nearly doubled between 2022 and 2023. Recent massive attacks like those on Change Healthcare and Ascension have showcased the efficiency of these attacks in meeting the demands of hackers.
The outcome? Ransomware is on the ascent. Here’s what healthcare organizations must be aware of regarding the reasons behind the effectiveness of ransomware, the objectives of attackers, and how past compromises influence future tendencies.
The effectiveness of ransomware in healthcare
Healthcare data holds value – not just financially but also physically.
Imagine a ransomware attack that locates and encrypts patient data. In an ideal situation, treatment plans for patients are briefly postponed or put on standby. In the worst-case scenario, lives are in danger because personnel cannot access vital patient data.
If healthcare establishments stand their ground and decline to pay, they’re not just encountering financial and operational challenges; they’re potentially endangering the lives of patients. This situation presents a dual-pressure dilemma, where both executive teams and families of patients pressurize IT departments to meet demands instead of trying to decrypt compromised data. Consequently, healthcare organizations are more inclined than those in other sectors to fulfill ransom demands, even if there’s no assurance of data being decrypted and cyber attackers not attempting another breach.
The route to compromise
While internal problems such as human error and IT failures accounted for 26% and 22% of healthcare incidents, respectively, 52% of breaches were credited to malicious actors.
As mentioned in a study by the Office of Information Security and the Health Sector Cybersecurity Coordination Center (HC3), prevalent attack paths in healthcare involve social engineering, phishing attacks, business email compromise (BEC), distributed denial of service (DDoS), and botnets.
Breaching through any of these paths offers cybercriminals the opportunity to upload and deploy ransomware. In incidents such as phishing or email compromise, it may take days, weeks, or even months before organizations realize they’ve been breached.
Lack of sufficient IT staff also facilitates attackers breaching healthcare networks. According to a recent report from CDW, only 14% of healthcare organizations claim their IT security teams are adequately staffed. Over half acknowledge the requirement for more assistance, and 30% admit to being insufficiently staffed or severely short-staffed. This leaves several companies in a constant state of cybersecurity triage, keeping them a step or more behind malevolent actors.
Read the Cost of a Data Breach Report
The objectives of attackers
Attackers aim to encrypt and remove any data, making it difficult for healthcare establishments to perform critical functions or exposing them to regulatory breach.
This encompasses electronic medical records (EMR) containing patient data including therapy plans, financial particulars, insurance specifics, or social security numbers. Intruders might also impede staff from accessing essential tools such as scheduling software or cut off ties with crucial cloud services.
In essence, attackers want anything they can trade and anything they can exploit to incite immediate response. Take a financial institution for example. If secure documents are breached, financial entities could suffer financial losses and damage to reputation. On the flip side, in healthcare, a breach could result in severe harm or even fatalities – noteworthy occurrences that hinder organizations from regaining a reputable standing in the industry.
Imitation is the sincerest form of hacking
Ransomware assaults are on the incline partly because hackers are observing repeated success.
For instance, in February 2024, Change Healthcare underwent a ransomware attack orchestrated by a group, BlackCat. Rather than risking losing vital data, Change remitted $22 million to the attackers. A recent NPR article estimates the company’s total losses from the event will likely exceed $1.5 billion.
Three months later, a different ransomware entity targeted Ascension, a Catholic health network with 140 hospitals across 10 states. Care providers were locked out of critical systems used to monitor and coordinate patient treatment, encompassing data about medications, dosages, and possible adverse reactions. Reverting to paper alleviated the impact on Ascension but significantly hindered operational processes.
The persistent success of ransomware attacks poses a window of opportunity for both adept cyber attackers and less proficient ones – seasoned individuals can craft their code and merge it with existing malware tools, whereas individuals lacking skills can procure pre-built ransomware packages on illicit online markets.
Methods for healthcare businesses to diminish ransomware risks
Dampening the likelihood of ransomware risks demands a two-pronged strategy involving shielding and detection.
Protection encompasses leveraging anti-spoofing and email authentication tools that can curtail the influx of deceptive messages reaching user inboxes. For instance, organizations can flag specific phrases like “urgent action” or “funds transfer” to curb the threat of phishing attempts.
Artificial intelligence (AI) and automated tools can expedite the time taken by organizations to detect and mitigate attacks. Per Brendan Fowkes, Global Industry Technology Leader for Healthcare at IBM, healthcare businesses employing AI and automation tools could pinpoint and contain incidents 98 days quicker than the norm. Furthermore, entities utilizing these solutions saved an average of nearly $1 million.
Heed the ‘ware
Ransomware assaults on healthcare firms are elevating as cyber wrongdoers acknowledge the significance of operational and patient data in inducing action from affected entities.
Although total elimination of ransomware risk is impractical, companies can attenuate their susceptibility to compromise by integrating email shield tools with AI detection solutions capable of automating key processes and detecting potential threats before they endanger crucial patient information.