Enhancing Ransomware Defense

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author

Recent research conducted by Arete and Cyentia Institute sheds light on the ransomware landscape within the healthcare sector. The study reveals that healthcare organizations are more likely to pay ransoms than other industries. Additionally, the report highlights the low adoption of multi-factor authentication (MFA) and emphasizes the need for improved cybersecurity measures in the healthcare sector. Let’s look at some of the key findings and recommendations.

Ransom Payment Trends

Between May 2019 and May 2022, healthcare organizations accounted for 13% of all ransomware events, positioning them as the second-most likely industry to pay a ransom. Only technology and social media firms surpassed them, with a payment rate of 84.3% in the cases they faced. While professional services firms, public services, and manufacturing encountered ransomware more frequently, healthcare firms were more inclined to comply with the attackers’ demands.

One possible factor contributing to this tendency is the relatively lower average ransom demand in the healthcare sector, standing at $132,800. However, it is crucial to note that this figure represents the mean demand, with extreme cases having demands as high as $3.4 million that skew that average.

The typical payment made by healthcare organizations amounts to $63,800. Despite these lower demands, extreme payments within the healthcare sector are approximately 14 times the size of standard payments.

Importance of Multi-Factor Authentication (MFA)

The report highlights the need for more robust cybersecurity measures in healthcare businesses. Surprisingly, and alarmingly, only 19% of healthcare organizations had implemented multi-factor authentication (MFA) across their systems. However, those that did utilize MFA experienced significant benefits. The presence of MFA reduced ransom payments to just over a third of the initial demand and decreased the likelihood of paying altogether by 52.5%. This underscores the importance of robust authentication protocols to enhance defense against ransomware attacks.

Backup Practices and Payment Behavior

While having regular backups is essential for data protection, the study found that merely relying on backups did not significantly reduce the likelihood of paying ransoms. Healthcare firms with backups typically paid 41.9% of the original demand and were 78.5% likely to comply with the attackers’ requests. The report emphasizes that performing backups alone is insufficient to effectively counter ransomware threats.

Phishing as the Primary Attack Method

Phishing emerged as the most common method employed by cyber attackers to gain unauthorized access to healthcare systems, accounting for over half (50%) of all cases. Enhancing employee training to identify and avoid or stop common social engineering schemes can substantially mitigate more than 80% of phishing-related incidents. Promoting a culture of awareness and vigilance among team members is crucial to fortify the defenses against phishing attacks.

This research highlights the alarming trend of healthcare organizations being more prone to paying ransoms. It emphasizes the need for healthcare businesses to strengthen their cybersecurity posture by adopting multi-factor authentication, implementing comprehensive backup strategies, and enhancing employee training to combat phishing attacks effectively. By taking proactive measures to fortify their defenses, healthcare organizations can better protect their critical systems and sensitive data from ransomware threats.

This article was originally published on HIPAA Secure Now! and is republished here with permission.