The Nightmare of Health Institutions: Ransomware Attacks and Payments

Jun 19, 2022 / Kron

Affecting many different sectors in the business world, digital transformation not only automates workflow and increases productivity, but also creates a series of cyber attack risks. The use of IT systems by institutions in matters such as process automation, system integration, and data sharing causes an increase in the number of attack vectors, which in turn results in larger attack surfaces. As a result, institutions face significant cybersecurity challenges that they have to deal with.

Health institutions are no exception when it comes to cyber threats and data security breaches. On the contrary, healthcare is one of the industries most commonly exposed to cyber threats. Hospitals and various healthcare facilities are frequently targeted by hackers due to the medical data stored there. How do health institutions act, then, in such situations and how should they act?

Health Institutions Choose to Pay Ransom in the Face of Cyber Attacks

The 2022 report by Sophos reveals how ransomware attacks and payouts for these attacks vary on a sectoral basis. According to the report, ransomware attacks targeting global health institutions increased by 94% in 2021. Moreover, the rate of those who chose to pay ransom among the targeted health institutions almost doubled.

The report shows that two in three global health institutions faced ransomware attacks by hackers in 2021, up from one in three in 2020. On the other hand, while only 34% of the health institutions attacked in 2020 paid the attackers, this rate increased to 61% in 2021. It is also important to note that only 2% of the institutions participating in this research were able to get all their data back after paying the ransom.

To elaborate on the subject a little more, the report states that the average cross-sectoral cyber-attack volume is 57% while the complexity is 59%. The percentage of health institutions hit by ransomware is 69% while the complexity is 67%. In addition, the global average of cyber-attack impact is 53% while this rate increases to 59% in the healthcare sector. With this rate, the healthcare industry comes in second place globally.

Additionally, health institutions pay an average of $1.85 million for a week-long ransomware attack. This causes health institutions to rank second in ransom payments and data recovery costs.

Cyber Threats Leave Health Institutions in a Difficult Situation

In the age of globalization, many health institutions face serious access security problems against cyber threats. For example, Omnicell, a multinational health technology company, was hit by these attacks in May 2022. In a written statement, the company stated that they were hit by ransomware, which resulted in a data breach compromising all their internal systems.

Stating that the company's quarterly 10-Q files were compromised through a ransomware attack, Omnicell announced that sensitive data stacks within the company became vulnerable to potential cyber-attacks. The Omnicell case, however, was not the first ransomware attack targeting health institutions in the United States this year. Oklahoma City Indian Clinic (OKCIC) also reported that they were attacked by ransomware and the medical data of 40,000 people was stolen.

In addition, it should be noted that cyber attackers do not only target hospitals and health units, but also private institutions providing health services. ARcare, a health institution serving Arkansas, Kentucky, and Mississippi, announced that they experienced a data breach involving the personal data of potentially 345,000 people.

Reporting a data security incident on February 24, 2022, which adversely affected computer systems and caused a temporary interruption in health services, ARcare launched an investigation to secure the IT infrastructure and determine the cause of the attack. On March 14, after the investigation, it turned out that a hacker had access to the entire IT network of ARcare from January 18, 2022, to February 24, 2022.

As a result of this cyber attack, the names, social security numbers, driver's license numbers, state identification numbers, dates of birth, financial account information, medical treatment information, prescription information, medical diagnosis information, and health insurance information of 345,000 people were exfiltrated from the ARcare databases. ARcare stated that they were unaware of any misuse of the stolen data.

Precautions to Avoid Paying Ransom

Health institutions need to find a balance between providing high-quality health services, implementing an advanced cyber-security protocol, and protecting patient data in the best possible way.

Patient data and protected health information are among the first elements defined as sensitive data by governments and international regulations. Aware of the value of the data, cyber attackers do not hesitate to target health institutions.

So, what can health institutions do to properly preserve patient data, provide secure access, and avoid paying ransom after an attack? The following eight steps answer this question.

  1. Explore all your data. If you do not know what you have, you cannot protect it. You must first explore patient data, organized data, dark data, etc., and then identify the data stack available in your IT infrastructure. This is the first step you need to take to integrate privacy, security, and management.
  2. Adopt next-generation data classification methods. You can use machine learning to automatically classify all sensitive and high-risk data by legislation, document type, policy, qualification, person, and more.
  3. Enforce data retention and non-retention policies. You can apply automatic policies for data retention rules. With data aging in mind, you can automate your workflow, label the data you will retain, enter how long you will retain it in the system, and mark over-retained data for deletion.
  4. Protect critical data. Proactively identify and protect critical patient data. Delete the unnecessary, old, and unimportant data to reduce the risk of a data breach. Identify data with legal safeguards to comply with legal requirements.
  5. Take action to fix high-risk data. Use improved workflows to fix critical data and delegate decision-making to the right people. Examine findings across all your data sources as well as structured and unstructured data.
  6. Track file access. Monitor privileged users with access to sensitive data 24/7.
  7. Simplify your incident response plan. Accurately identify users affected by the data breach and design your incident response plan in a simple yet effective way.
  8. Assess and rate the risk. Adopt a risk-focused approach to personal data to act proactively while mitigating risk. Rate the risk based on parameters such as data type, source, and location.

Health institutions can take advantage of Privileged Access Management practices to avoid paying ransom for ransomware attacks. Single Connect is the perfect fit for protecting health institutions against ransomware attacks when it comes to data and access security over privileged accounts. Kron's Single Connect was also featured in the Privileged Access Management (PAM) reports prepared by Gartner, KuppingerCole and Omdia, which take a snapshot of the Privileged Access Management industry.

If you want to explore the advantages of Single Connect to protect your health institution against ransomware attacks, you can check our PAM solutions in detail, and contact our team to learn more about Single Connect.
