News Feature | August 9, 2016

Healthcare Organizations 114 Times More Likely To Be Attacked Than Banks

Christine Kern

By Christine Kern, contributing writer

Healthcare Attacks

Healthcare accounts for 7.4 percent of client base but had 88 percent of ransomware attacks.

Healthcare organization’s computer networks are 114 times more likely to suffer ransomware attacks than those at financial institutions and 21 times more likely than schools and universities according to research from security firm Solutionary. CSO reported while healthcare accounts comprise 7.4 percent of Solutionary’s client base, those accounts experienced 88 percent of the ransomware infections in the first six months of 2016.

“These numbers do not count all of the email delivery or exploit kit activity that happens pre-infection and would be attempts to deliver ransomware,” threat intelligence analyst Terrance DeJesus said. “These are confirmed ransomware outbreaks on directly affected systems.”

The report also found successful attacks are increasing by 198 percent between February and May of 2016, the result of more attacks and better detection, according to DeJesus, who added ransomware isn't just about the money. If attackers have other goals in mind besides making a profit, infections could be a lot more dangerous.

“I think the future of ransomware will definitely continue to grow and develop,” DeJesus said. “Hacktivists will use ransomware for other reasons which don't involve monetary gain, and it might be even more difficult to give them what they want.”

Ransomware is a growing cybersecurity issue for all industries, but healthcare is particularly vulnerable due to the sensitive nature of data it handles and the fact healthcare has been generally slow to respond to cybersecurity issues and upgrades. HHS’ Office for Civil Rights recently issued draft guidance to help healthcare organizations tackle ransomware threats head on.

In fact, according to The Ponemon Institute, “Ninety-one percent of healthcare organizations reported at least one data breach in the past two years, and more than 60 percent of hospitals have no breach response in place.” That means healthcare organizations need to be fully cognizant of their efforts to forestall cyberattacks before they can be launched.

It’s not just ransomware, but other cyber threats have healthcare in their sights. As Bill Virtue, Security Engineering Specialist with PC Connection, Inc. told Health IT Outcomes, “Although Ransomware is getting top billing in the healthcare security market, it is important for providers to understand what other vulnerabilities their systems are exposed to, making a comprehensive vulnerability assessment critical. There are other security challenges such as Data Loss Prevention, a concern for anyone who maintains patient data and Access Controls, which provides users with access to only the data they need. These are two areas that are still not fully implemented or difficult for providers to get their arms wrapped around.”