Hospitals are becoming a constant target to ransomware attacks

A recent attack at the Kansas Heart hospitalA 54 bed acute care facility fell victim on May 18. The hospital decided to pay the ransom which the attackers demanded. The attackers later demanded a bigger amount and the hospital decided not to pay.

Is this incident a sign that

some cyber-attackers are

changing their strategies

against health-care entities?

Criminals invest & anticipate returns.

Even if the victim is willing to pay the ransom, it is not assured that the data will be un-locked or handed back.

100 million individuals were affected in 2015 in various massive assaults in the healthcare industry.

This included 79 million people impacted by the Anthem Inc. breach.

The threat drivers:

43% 30%

19% 6%

Providers of healthcare are mandated by HIPAA regulations to:▪protect health IT systems physically▪ensure that PHI is safe on their network devices

Healthcare providers are recommended to:▪use a multi-layered security process, foster partnership with security professionals▪use next generation security solution

Proactive Measures Against Ransomware

Provide healthcare professionals and staff with a training platform that actively engages users to follow security and privacy policies.

Keeping all systems up to date.

"This is a real issue for every CIO. We've heard from one of the large east coast health systems that they turned away over 1 million ransomware emails in the month of March alone", said Leslie Krigstein, vice president of Congressional affairs at the College of Healthcare Information Management Executives, an association of CIOs and CISOs.

Healthcare’s Fight Against Ransomware

61% hospitals are not sure of the location of Personal Health Information (PHI).

69% hospitals lack the proper controls and policies to detect and respond to breaches.

29% hospitalsconsider PHI protection their priority.

Resources:secpod.comcms.govexperian.comhealthcareinfosecurity.comsecureworks.comcynergistek.com