Ransomware: Is Your Healthcare Organization Prepared For An Attack?

In Most Cases, Unfortunately The Answer Is No.

February 2023

By Jody Randall MSN, RN, CIC, HACP-CMS, HACP-PE

CEO and Founder

The impact of a cyberattack on any organization can be detrimental. The healthcare industry has become a popular target for ransomware attacks.


It is important to understand that these types of attacks are not typically carried out by random, tech-savvy individuals. On the contrary, cyberattacks are executed by large corporations in a number of different countries across the world that orchestrate ransomware attacks on a daily basis.


Cyberattacks in the healthcare industry are becoming more common than ever before:

  • Listed as Number One hazard in Top 10 Health Technology Hazards for 2022 (ECRI 2022 - The Joint Commission Tabletop Exercise 1/31/23)
  • 555 Healthcare data breaches from hacking/IT incidents in 2022 (HIPAA Journal, 1/24/23 - The Joint Commission Tabletop Exercise 1/31/23)
  • Ransomware attacks on healthcare organizations increased by 94% year over year, according to the 2022 State of Ransomware Report from cybersecurity firm Sophos (HIPAA Journal, 2022).
  • 86% Increase against Healthcare Organizations in 2022 vs 2021 (Check Point Research, 1/5/23 - The Joint Commission Tabletop Exercise 1/31/23)


Impact of Cyber-attacks on Healthcare Delivery Organizations: (Ponemon, Sept 2021 - The Joint Commission Tabletop Exercise 1/31/23)

  • 70% Delays in procedures and tests have resulted in poor outcomes
  • 36% Increase in complications from medical procedures
  • 22% Increase in mortality rates


What makes healthcare organizations a popular target is the knowledge that healthcare providers strive to keep patient records confidential. Additionally, providers are held accountable when protected health information is breached. In such cases, healthcare organizations not only face legal and financial consequences but can also suffer from bad press related to such events, leading to loss of credibility in a highly competitive healthcare market.


We may never be fully prepared to ward off these types of attacks, but there are some measures that can be taken to reduce the risks associated with cyberattacks. Your IT Department is likely already knowledgeable about the safeguards needed for protection, but it is critical to ensure that software backups are in place and that devices and networks are protected.

Education of staff is another key element in protecting your organization. Development of policies and procedures is a must when it comes to software security and safe practice. Another important consideration is to practice down-time drills. Training your staff to continue care when systems are down will help to prepare them for the real experience. It seems like a simple drill, but it is important to consider that this can be anxiety-producing for team members who have only been trained to work on electronic devices.


Being held hostage by attackers is likely one of the most stressful events a healthcare organization can experience. The threat of breaching countless medical records containing personal and protected health information can create major anxiety for any healthcare facility or system. When this occurs, demands for astronomical payments for the release of records come at an unaffordable cost to victims.


Aside from the unimaginable stress associated with these types of events, organizations should be prepared to endure extended periods wherein they are forced to operate in down-time mode while recovery efforts are in progress.


There are a variety of security risk assessment tools on the market today. Some are offered for a fee and others are available in the form of a free trial. HealthIT.gov offers a security risk assessment tool which can be easily downloaded.


Whatever method you choose, there is no time like the present to begin protecting your organization from a brutal ransomware attack. You can’t afford to get caught unprotected. Start planning today.

 

References:

https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool

https://www.hipaajournal.com/healthcare-ransomware-attacks-increased-by-94-in-2021/


The Joint Commission - Cybersecurity Tabletop Exercises, 1/31/23

