Ransomware encrypts files and effectively locks users out of their computers and data. Those behind this type of cybersecurity attack then ask for money – ransom – in exchange for your data. It is estimated that 7.4 million new malware programs will be released in 2017. That’s about 850 per hour.
Most ransomware is delivered in an email. In healthcare systems, ransomware can make its way in through common programs like electronic health record and billing systems. Most ransom is paid in bitcoin, making it difficult to track criminals once the ransom has been paid.
1. Ransomware Halts Patient Care
Hospitals across England and Scotland were forced to cancel routine procedures and divert emergency cases after a May 12, 2017 Ransomware attack that affected 99 countries. X-rays were halted. Chemotherapy treatments were put on pause. Records necessary to perform surgery were inaccessible. Critical test results were inaccessible. Affected healthcare workers stated that they were not aware of the issues with dated hardware, software and cybersecurity measures until the attack had already compromised patient care.
2. Ransomware Compromises Patient Records
Records for over 200,000 patients were leaked in a ransomware attack on Atlanta-based Emory Healthcare on Jan. 3, 2017. Files included names, addresses, emails, birth dates, medical record numbers and cellphone numbers. Medical record breaches have also caused leaked mental health and medical diagnoses, HIV statuses and sexual assault and domestic violence reports. Weather or not the records were used by criminals, the Emory Healthcare’s patients suffered breach notifications, loss of trust and ultimately more barriers to healthcare.
3. Cybersecurity Attacks Cause Financial Loss
Remember those leaked patient records? A recent study conducted by the Ponemon Institute for IBM estimated that breaches cost U.S. companies on average over $7 million per breach. That’s an average of $215 per breached record. Additionally, companies like Merck had their supply chains for distribution of medical products disrupted by ransomware in June 2017.
Prevent Ransomware Attacks with Cybersecurity Assessments
It is the current recommendation of the FBI that public and private health entities have their networks checked for vulnerabilities by a professional and then work with internal or 3rd party teams to resolve issues and maintain a secure posture.