Ransomware
Ransomware attacks are among the most prevalent cyberthreats in use today. In a ransomware attack, a criminal takes over an organization’s network, usually by coaxing an employee into clicking on a phishing link. From there, the criminal locks all employees out of the network and demands that a ransom be paid to unlock the systems and the data they hold.
A recent study by the Journal of the American Medical Association (JAMA) found that the annual number of ransomware attacks on healthcare organizations more than doubled from 2016 to 2021, exposing ePHI of nearly 42 million people.4 JAMA concluded that ransomware attacks on healthcare are increasing in frequency and sophistication.
ePHI at Risk
Ransomware attacks are particularly hazardous for the healthcare industry because they put patients’ ePHI at risk and could open providers up to legal action. ePHI is incredibly valuable because it essentially has everything a criminal needs to steal a person’s identity. Healthcare records are sold on the dark web for up to $1,000.5 Credit card information, by comparison, only sells for up to $110 on average.
Cybercriminals know that putting ePHI at risk can be highly damaging for healthcare providers, and that’s why they are being targeted with ransomware, noted Grantz. “Healthcare organizations pay the requested ransom at a much higher percentage than any other industry,” he said.
58% of ransomware attacks on the healthcare industry impacted clinics of all specialty types.
– The Journal of the American Medical Association
Ransomware Evolution
Ransomware attackers seem to be changing strategies in 2023. Critical Insight noted that some criminals are deploying “double extortion,” in which they demand one payment to unlock the system and another to regain the stolen data. Conversely, others are shifting away from encrypting providers’ computer systems only demanding payment for stolen data. Some of these criminals are even extorting patients for money.
Medical records are selling for nearly $1,000 a pop on the dark web. That is why these breaches are happening every single day. Think about how many patient records you have in your practice management system. Think about how many records you have, and multiply that by $1,000. You quickly begin to realize that your patient records are actually one of the most valuable things within your practice.
Terry McDonald, Director of Compliance Solutions, Rectangle Health
Pro Tip
Cybercriminals targeted backup repositories in 93% of incidents and 76% of organizations lost at least some of their data, according to the Veeam 2023 Data Protection Trends Report. You must ensure your backups can’t be deleted or corrupted.6
Continue Reading: Common threats