Cyber attacks on healthcare organizations have increased in recent times. Trend Micro data shows that 86% of global healthcare organizations compromised by ransomware suffered operational outages. Cybercriminals use ransomware malware to alter your device files and make the devices inaccessible to the user until the ransom is paid. They may lock your applications or threaten to leak your confidential data online, or sell them to another malicious agent. This is the most common way cybercriminals make money.
57% of global healthcare organizations acknowledge being compromised by ransomware over the past three years, according to the study. Of these, 25% say they were forced to halt operations completely, while 60% reveal that some business processes were impacted as a result.
On average, it took most responding organizations days (56%) or weeks (24%) to restore these operations fully.
Ransomware is not only causing the healthcare industry significant operational pain. The Trend Micro data also states that 60% of responding healthcare organizations say that important data was also leaked by cybercriminals. This creates compliance and reputational risk, as well as investigation, remediation, and clean-up costs.
Respondents to the study also underline supply chain weaknesses as a major challenge. Specifically:
- 43% say their partners have made them a more attractive target for attack
- 43% say a lack of visibility across the ransomware attack chain has made them more vulnerable
- 36% say a lack of visibility across attack surfaces has made them a bigger target
The good news is that most (95%) healthcare organizations say they regularly update patches, while 91% restrict email attachments to mitigate malware risk. Many also use detection and response tools for their network (NDR) endpoint (EDR) and across multiple layers (XDR).
However, the study also highlights potential weaknesses, including:
- A fifth (17%) don’t have any remote desktop protocol (RDP) controls in place
- Many HCOs don’t share any threat intelligence with partners (30%), suppliers (46%) or their broader ecosystem (46%)
- A third (33%) don’t share any information with law enforcement
- Only half or fewer HCOs currently use NDR (51%), EDR (50%), or XDR (43%)
- Worryingly few respondents can detect lateral movement (32%), initial access (42%) or use of tools like Mimikatz and PsExec (46%)
“In cybersecurity we often talk in abstractions about data breaches and network compromise. But in the healthcare sector, ransomware can have a potentially very real and very dangerous physical impact,” said Bharat Mistry, Technical Director at Trend Micro.
“Operational outages put patient lives at risk. We can’t rely on the bad guys to change their ways, so healthcare organisations need to get better at detection and response and share the appropriate intelligence with partners to secure their supply chains.”