25% of Healthcare Companies Completely Halted Operations Due to Ransomware Attack

Ransomware attacks still trouble the healthcare sector. The attacks interrupt services because vital IT systems are being shut down. Having no access to electronic health records (EHR) may result in patient safety problems, and it is typical to redirect emergency patients to other hospitals right away after attacks and to postpone appointments.

Lately, cybersecurity company Trend Micro performed a study to look at the effect ransomware attacks have on healthcare companies. The study was participated by 145 companies and IT decision-makers within the industry. Sapio Research did a more substantial worldwide study on the ransomware threat participated by 2,958 IT security decision-makers in 26 nations.

Trend Micro’s study shows that 25% of all data breaches today are due to ransomware. From 2017 to 2021, ransomware attacks went up by 109%, and there’s a 13% year-over-year increase in attacks in 2022. These attacks are causing a serious effect on healthcare companies, which are actively attacked by a number of ransomware groups.

57% of healthcare companies stated they had encountered a ransomware attack in the last 3 years. 86% of healthcare companies that experienced a ransomware attack had operational shutdowns because of the attack. 25% of companies that encountered an attack were compelled to totally stop operations. 60% mentioned that certain business functions were interrupted as a result of an attack.

The time to recover from these attacks may be substantial, with healthcare companies facing interruption to their services for prolonged time periods. 56% of companies that participated in the survey stated it took a few days to recoup from the ransomware attack, with 24% indicating it took a few weeks to completely bring back operations following an attack.

Stealing data is now prevalent in ransomware attacks with attackers issuing threats to post or sell the stolen information in case the ransom is not paid. This strategy has become so profitable that a number of cybercriminal groups have left ransomware completely and only steal data and issue threats to publish when payment is not given. 60% of surveyed companies stated sensitive information was stolen and exposed by the threat actors, with the information theft and leakage resulting in reputational ruin, compliance problems, and increasing costs of the investigation, remediation, and clean-up.

The research signifies healthcare companies are proactively countering the threat and improving their security. 95% of surveyed companies mentioned they are patching immediately to handle software vulnerabilities, 91% have put in place extra controls to stop malicious email attachments from landing in inboxes, and adopted enhanced detectors and response solutions for their network (NDR) and endpoints (EDR) is increasing, just like the usage of extended detection and response (XDR) tools.

There is additionally great concern regarding supply chains. 43% of survey respondents stated their partners turned them into more appealing targets for attacks, 43% stated they lack awareness throughout the ransomware attack chain making them more susceptible to attacks. 36% stated the insufficiency of visibility throughout attack surfaces made them a much bigger target.

Nevertheless, the survey showed a number of security gaps. For example, 17% of survey respondents didn’t have any remote desktop controls ready, in spite of RDP vulnerabilities frequently being taken advantage of to obtain initial access to healthcare systems. There is substantial room for development regarding threat intelligence sharing, as 30% confessed to not discussing threat information with partners, 46% never give threat intelligence to suppliers or the broader ecosystem, and one-third (33%) mentioned they never share any data with the authorities.

Merely 51% of companies utilize NDR, 50% employ EDR, and 43% utilize XDR, with just 46% of companies tracking living-of-the-land strategies like the malicious usage of tools including PsExec and MimiKatz. Just 42% claim they could identify initial access and only 32% could identify lateral movement.

In the healthcare industry, ransomware could have a possibly very real and very harmful physical effect. Operational outages endanger patient lives. So healthcare companies must get better at recognition and response and share with their partners the relevant intelligence to protect their supply chains.