Hospitals hit hardest by ransomware attacks, study says

“The biggest mistake they make is paying the ransom.”

Jefferson GrahamUSA TODAY

 

Ransomware attempts jumped 50% in the last three months, over the first half of 2020, and hospitals and health care organizations were the hardest hit, according to a new study by Check Point research.

With renewed focus on healthcare during the COVID crisis, hackers figured out that healthcare organizations were the easiest prey, says Ekram Ahmed of Check Point. 

“They’re the most desperate and willing to pay,” he says.

Ransomware is when hackers invade the network, and take over control, refusing to give back access to the files until they are paid a fee, averaging $1 million to $5 million per hit, says Ahmed.

If they pause your operations, “they can really harm patients,” he adds.

In June, the University of California San Francisco disclosed that it paid $1.14 million to ransomware attackers. In Germany, a woman died when a hospital under a ransomware attack couldn’t admit her. Universal Health Services, one of the nation’s largest health providers, was struck last week. As a result, health care personnel reportedly began keeping records on paper as computer systems began failing over the weekend and some hospitals have sent incoming ambulances to other neighboring hospitals.

The percentage of healthcare organizations impacted by ransomware globally nearly doubled, from 2.3% in the second quarter to 4% in the third quarter. Healthcare was followed by manufacturing, software makers, government/military and insurance and legal firms.

The United States saw 313 attacks in the third quarter, compared to 158 in the previous quarter, very closely followed by 312 attacks in India, compared to 224 in the previous quarter.

Ahmed says that many healthcare organizations use older software that hasn’t been updated, making it easy for hackers to invade. Most importantly, they’re willingness to pay screams to the hacking community that healthcare is a good mark.

“The biggest mistake they make is paying the ransom,” Ahmed says. “It becomes a vicious cycle from there. It funds their research and development.”

Instead, they should prepare by backing up their systems continuously and stand strong, he says.