Ransomware has affected healthcare for decades, but organizations have become increasingly vulnerable as attackers have become more brazen and more sophisticated.
There’s a financial and reputational impact: One health system had to settle with 126,000 patients for up to $3,000 each following a 2020 incident. And there’s an operational impact: Two hospitals in Connecticut had to divert ambulances and close multiple outpatient facilities while computers were down earlier in 2023.
Remediation can be costly. Not only do healthcare organizations need to get core business applications up and running again, they also need to recover lost revenue. An NCC Group analysis pegs the potential overall loss from a single ransomware attack at 30 percent of annual operating income. For one hospital — St. Margaret’s Health in Illinois — the financial impact of a 2021 ransomware attack was enough to force the institution to close for good.
“The cost is only going up,” says Jon Nelson, a principal advisory director in the security and privacy practice at Info-Tech Research Group. “The ransom cost is increasing, and cleanup isn’t as simple as getting a decryption key. Once systems are back online, corruption and integrity issues remain.”
The most effective prevention and mitigation strategies against ransomware require a top-down approach that includes executive buy-in, end-user awareness and strong partnerships with technology vendors. It’s a tall order, but it can be the difference between a severe attack and a minor one.