27% of Healthcare Companies Have Encountered at Least One Ransomware Attack Last Year

by

Based on a new Kaspersky Lab report, Cyber Pulse: The State of Cybersecurity in Healthcare, 27% of healthcare workers reported their company had encountered at least one ransomware attack in the last five years and 33% said their company had encountered several ransomware attacks.

In its report, Kaspersky lab mentioned that until January 1, 2018, there were over 110 hacking/IT-related data breaches affecting over 500 people reported to the U.S. Department of Health and Human Services’ Office for Civil Rights.

The effect of those breaches could be considerable for the concerned companies. The resulting costs can reach millions of dollars. The reputation of a healthcare company can be permanently damaged and patients can suffer harm.

To look into the status of cybersecurity in the healthcare industry, Kaspersky Lab assigned market research company Opinion Matters to perform a survey of 1,758 healthcare workers in the U.S. and Canada. The perceptions of healthcare workers concerning cybersecurity in their companies were explored.

Based on the answers of surveyed participants, the following experienced 1 to 4 ransomware attacks: 81% of small healthcare companies with 1-49 employees, 83% of medium-sized healthcare companies with 50-249 employees, and 81% of big healthcare companies with 250+ employees.

The average cost of a data breach, including the mitigation of ransomware and malware attacks, as reported by
the 2018 Cost of a Data Breach Report of Ponemon Institute/IBM Security is $3.86 million
the 2018 Cost of a Data Breach Report of Kaspersky Lab is $120,000 for SMBs and $1.23 million for enterprises

Although cybersecurity is crucial for lowering financial risk, 71% of healthcare workers said it was essential for cybersecurity controls to be applied to secure patients. 60% said it was essential to implement proper cybersecurity solutions to secure people and organizations they work with.

Though healthcare companies have invested much in cybersecurity, a lot of workers do not have confidence in their organization’s cybersecurity plan. The statistics show the following believe in their cybersecurity tactic: 50% of healthcare IT workers, 29% of management employees and doctors, 21% of nurses, 23% of employees in the finance department, and 13% of the HR department employees.

A lot of healthcare workers seem to have a false sense of security. Although healthcare data breaches are reported daily, 21% of survey participants had complete confidence in their company’s ability to protect against cyberattacks and didn’t think they would be affected by a data breach in the coming year.

Although 73% of surveyed workers said they would certainly notify their security team if they got an email from an unidentified person requesting PHI or login details, 17% of workers said they won’t do anything if they got such email. 17% of workers also confessed that they got an email request for ePHI allegedly coming from a third-party vendor and gave the ePHI as required.

Cybercriminals target and repeatedly attack healthcare companies because of the successes they have had. As companies look to enhance their cybersecurity techniques to justify worker confidence, they need to evaluate their approach. Business leaders and IT professionals should join hands to balance training, education, and security solutions and to make them powerful enough to control the risks.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681 or email directly at [email protected]