Data theft and ransomware attacks against healthcare and critical third-party providers are still happening at an alarmingly high rate in 2024, which is shaping up to be as severe as last year—the worst on record for healthcare breaches. You might remember the Ascension ransomware attack from May, one of the most devastating incidents in the healthcare sector, causing major issues for patients. A new report from Microsoft highlights that these attacks not only lead to data theft but also put patients’ physical health at risk.
I’M GIVING AWAY A $500 GIFT CARD FOR THE HOLIDAYS
Enter by signing up for my free newsletter!
Impact of ransomware on healthcare
Microsoft points out that, beyond the financial risk to healthcare organizations, ransomware attacks can have life-threatening consequences. When healthcare providers lose access to diagnostic equipment or patient records due to ransomware, patient care is severely disrupted. For example, stroke code activations nearly doubled during hospital attacks, with confirmed strokes increasing by 113.6%. Cardiac arrest cases also rise by 81%, and survival rates drop from 40% to just 4.5%.
Healthcare facilities near hospitals hit by ransomware attacks also feel the impact, facing a surge in patients needing urgent care that they may not be equipped to handle. As a result, patients often face longer wait times.
What’s more troubling is that these attacks aren’t limited to urban areas — rural health clinics are also prime targets for cyberattacks. These facilities are particularly vulnerable to ransomware because they often lack the resources to prevent or respond to security incidents. And since these clinics are the only healthcare option within miles, a successful attack can be devastating for many rural communities.
HEALTHCARE RANSOMWARE ATTACK EXPOSES PERSONAL HEALTH INFORMATION OF OVER 100 MILLION
Why healthcare is the prime target?
Ransomware attacks on healthcare have shot up 300% since 2015, making it one of the top 10 most targeted industries in Q2 2024. This rise is mostly because healthcare organizations store extremely sensitive data, and hackers know there’s big money to be made. With lives on the line, hospitals can’t risk poor patient outcomes if their systems go down — or the exposure of patient data if they don’t pay. This reputation for paying ransoms just makes healthcare an even bigger target.
Some of the blame also falls on healthcare organizations. They tend to have lower cybersecurity budgets compared to other industries, making it harder to defend against these kinds of attacks. Many facilities don’t have staff dedicated to cybersecurity—some don’t even have a chief information security officer (CISO) or a security operations center. Instead, cybersecurity often gets lumped in with regular IT duties. Plus, doctors, nurses, and other healthcare staff might not get any cybersecurity training, so they might not even recognize a phishing email when they see one.
NEARLY 1 MILLION MEDICARE BENEFICIARIES FACE DATA BREACH
7 proactive steps to take in the face of healthcare cyberattacks
With the rise in cyberattacks on healthcare providers, it’s wise to take proactive steps to protect your personal information and be prepared for potential disruptions in healthcare services:
1) Stay informed: Keep up-to-date with the latest news from your healthcare providers and reliable sources to stay aware of any disruptions or data breaches affecting systems and services.
2) Maintain personal health records: Keep copies of your health records on your own devices or printed out, including details like medications, allergies, past surgeries, and other relevant health information. This can be crucial if electronic health records become temporarily unavailable.
3) Prepare for medical emergencies: Have a backup plan for emergencies, including knowing nearby alternative healthcare facilities. Research wait times and accessibility to help avoid delays if your primary facility is impacted.
4) Practice cybersecurity best practices: Use strong, unique passwords for online accounts and consider a password manager to help manage them. Enable two-factor authentication where available to add an extra layer of security.
5) Be vigilant against phishing: Cyberattacks often result in a spike in phishing emails and calls as attackers exploit the situation. Protect yourself by using strong antivirus software on all your devices, which can help block malicious links and detect phishing emails. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (85% off) for the TotalAV Antivirus Pro package.
6) Confirm appointments: If you have upcoming appointments or procedures, contact your healthcare provider to confirm or reschedule if a cyberattack disrupts their normal operations.
7) Monitor patient portals: Keep an eye on patient portals like MyChart for updates on your medical records and communication with healthcare providers, as these can provide critical information during service disruptions.
THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION
Kurt’s key takeaway
The surge in ransomware attacks on the healthcare industry is troubling and a harsh reminder that criminals don’t care about the lives at risk—they’re just after money. Healthcare organizations need to take lessons from the past two years, investing heavily in cybersecurity infrastructure and hiring dedicated staff to protect patient data and systems. With stronger defenses in place, the goal is to prevent these situations from reaching the point where paying a ransom is even considered.
Have you ever experienced delays or issues with healthcare services due to a cyberattack or system outage? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.