At its most basic level, ransomware is a form of kidnapping. Attackers effectively "kidnap" a business's data and information systems by encrypting the data or locking the systems, and they threaten to leave everything unrecoverable unless the business pays a ransom for the decryption key. Businesses that operate on mission-critical timelines, including hospitals and medical centers, often feel they have little choice but to pay in order to limit downtime and recover their operations, even though paying is no guarantee that a working key will be delivered.
Ransomware is also far more than an outlier on the spectrum of cyberattacks launched against businesses. In 2015, between 23,000 and 35,000 ransomware attacks were detected every month. That number grew through 2016, as did the payments made by businesses that suffered attacks: cyberthieves are estimated to have collected more than $200 million in 2016 from businesses that paid to free their data and systems. Data from 2017 indicates that attackers have grown more sophisticated and increasingly rely on ransomware toolkits purchased on the dark web. A single 2017 campaign is reported to have generated more than 2 million attempted ransomware incursions every hour. At those volumes, few computers or networks of any size will go untargeted.
Healthcare and hospital networks are prime targets for these attacks. A patient whose medical provider cannot access critical patient information can be in a life-or-death situation unless the healthcare network is rapidly recovered and brought back online. Attackers take advantage of this urgency, knowing that hospitals have a stronger incentive than most organizations to pay a ransom to recover their systems. Moreover, hospital networks operate around the clock and are rarely taken down for the maintenance and updating that would include patches for known security holes. Ransomware frequently spreads through exactly those unpatched vulnerabilities, and hospitals and medical centers are more likely than businesses in other industries to have left them open.
Reports from hospitals that have been hit by ransomware show that the healthcare industry's susceptibility is more than idle speculation. In March 2016, for example, MedStar Health, a healthcare system with facilities in Maryland and the District of Columbia, was forced to turn some patients away and to treat others without access to their medical records after a ransomware attack froze systems at ten of the provider's hospitals and more than 250 of its outpatient centers. The attackers demanded almost $20,000 in ransom to release the systems. MedStar Health downplayed the severity of the attack and recovered enough of its operations to reopen within 48 hours, but providers within the system reported that losing access to digital patient records had the potential to compromise patient safety.
Preventing, or at least limiting, the damage from a ransomware attack is a matter of following basic cybersecurity practices, starting with installing operating system and software updates and patches promptly when they are released. Educating employees about the danger of opening email attachments from unknown senders, and of opening unexpected attachments even from apparently familiar senders, is equally important, since a single opened attachment is often all the foothold an attacker needs.
The risk of a ransomware attack can be reduced but never completely eliminated. If and when an attack does freeze a business's networks and information systems, a robust backup system will let the business recover its operations more quickly and reliably, but only if the backups are kept where a compromised machine cannot reach them and are regularly tested by actually restoring from them: a backup that is writable from an infected host is encrypted along with everything else. Cybersecurity insurance can also help a healthcare facility recover at least a portion of the direct losses and third-party liabilities associated with a ransomware attack. Cybersecurity in healthcare is a critical component in the delivery of safe and effective medical services, and cybersecurity insurance provides part of the assurance a healthcare facility needs to maintain a healthy cybersecurity posture.
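The backup point above is easiest to see in a restore drill. The script below is an added example written for this page, not code from the article or from any vendor it mentions. It builds a small, constructed "live" data set, takes a backup with a SHA-256 manifest, runs a toy encryptor (a byte-wise XOR standing in for real ransomware) over every location the infected host can reach, and then restores from the backup and checks it against the manifest. The `backup_mounted` flag is an assumption of the example: it models whether the backup share is writable from the infected machine.

```python
"""Ransomware restore drill: does the backup actually bring the data back?
Added example; the sample files and the XOR 'encryptor' are constructed."""
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed sample data standing in for patient records and imaging.
SAMPLE_FILES = {
    "records/patient_001.txt": b"name=Alice;dob=1970-01-01;allergies=penicillin\n",
    "records/patient_002.txt": b"name=Bob;dob=1985-06-30;allergies=none\n",
    "imaging/scan_42.bin": bytes(range(256)) * 4,
}


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict:
    """Relative path -> SHA-256 digest for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def populate(live: Path) -> None:
    for rel, data in SAMPLE_FILES.items():
        (live / rel).parent.mkdir(parents=True, exist_ok=True)
        (live / rel).write_bytes(data)


def take_backup(live: Path, backup: Path) -> dict:
    """Copy live data to the backup location and return the manifest the
    restore test is checked against (in practice, store it with the backup set)."""
    shutil.copytree(live, backup)
    return manifest(live)


def simulate_ransomware(reachable: list, key: int = 0x5A) -> int:
    """Toy encryptor: XOR every byte of every file under each reachable root
    and append .locked. A backup share mounted on the infected host is just
    another reachable root. XOR is a stand-in, not a real cipher."""
    count = 0
    for root in reachable:
        for p in [q for q in root.rglob("*") if q.is_file()]:
            p.write_bytes(bytes(b ^ key for b in p.read_bytes()))
            p.rename(p.with_name(p.name + ".locked"))
            count += 1
    return count


def restore_and_verify(backup: Path, live: Path, expected: dict) -> bool:
    """Wipe live, copy the backup back, and compare against the manifest
    recorded at backup time. This is the restore test every backup needs."""
    shutil.rmtree(live)
    shutil.copytree(backup, live)
    return manifest(live) == expected


def run_drill(backup_mounted: bool) -> dict:
    """Run one scenario. backup_mounted=True models a backup share writable
    from the infected host; False models an offline (unreachable) copy."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        live, backup = tmp / "live", tmp / "backup"
        populate(live)
        expected = take_backup(live, backup)
        reachable = [live, backup] if backup_mounted else [live]
        encrypted = simulate_ransomware(reachable)
        return {
            "files_encrypted": encrypted,
            "live_intact_after_attack": manifest(live) == expected,
            "restore_verified": restore_and_verify(backup, live, expected),
        }


if __name__ == "__main__":
    for mounted in (False, True):
        print("backup mounted on infected host:", mounted, run_drill(mounted))
```

With the backup kept off the infected host, the restore verifies against the manifest; with the backup mounted as a writable share, the encryptor reaches it too and the restore fails the same check. The manifest comparison is the part most organizations skip: a backup job that reports success says nothing about whether the copies are intact until something actually restores and verifies them.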