The global healthcare industry has grown in size as a result of the Covid-19 outbreak, as consumers sought safe ways to get treatment. According to a new analysis by Sophos, a cyber security organization, fraudsters are actively targeting the expanding health sector. According to a new analysis titled “The State of Ransomware in Healthcare 2022,” ransomware assaults on healthcare companies increased by 94% in 2021.
In 2021, 66% of healthcare businesses was hit by ransomware attacks, compared to 34% in 2020. The good news, according to Sophos, is that healthcare institutions are improving their response to ransomware assaults. After cybercriminals encrypted their data during the attacks, over 99 percent of healthcare companies who were struck by ransomware were able to recover at least some of their data.
According to John Shier, a senior security specialist at Sophos “Ransomware in the healthcare space is more nuanced than other industries in terms of both protection and recovery. The data that healthcare organizations harness is extremely sensitive and valuable, which makes it very attractive to attackers.”
Surprisingly, more healthcare businesses (78%) are opting for cyber insurance, but 93 percent of those having insurance coverage say getting policy coverage has become more difficult in the previous year.
Shier also said that “In addition, the need for efficient and widespread access to this type of data – so that healthcare professionals can provide proper care – means that typical two-factor authentication and zero trust defense tactics aren’t always feasible. This leaves healthcare organizations particularly vulnerable, and when hit, they may opt to pay a ransom to keep pertinent, often lifesaving, patient data access. Due to these unique factors, healthcare organizations need to expand their anti-ransomware defenses by combining security technology with human-led threat hunting to defend against today’s advanced cyber attackers,”
The following practices have been advocated by Sophos for all enterprises in all sectors:
- Set up and maintain high-quality defenses throughout the organization’s environment. Regularly review security controls to ensure they continue to satisfy the organization’s demands.
- Harden the IT environment by looking for and closing key security gaps
- Make backups and practice restoring from them so that the organization can get back up and running as quickly as possible with minimal downtime
- Proactively hunt for threats to identify and stop adversaries before they can execute their attack – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) specialist
- Prepare for the worst. Know what to do in the event of a cyber-attack and keep the plan updated.
For more such updates, keep reading on techinnews.com
