In a few seconds longer than the time it takes you to read this one sentence, a ransomware attack will have claimed a new victim. It’s happening every 10 seconds, and according to new research, ransomware attacks increased 50 percent during the third quarter of this year compared to the first half of the year. The U.S. healthcare sector is the primary global target.
So, with that, let me say October is officially Cybersecurity Month.
In healthcare, every month, every day, and every minute should be Cybersecurity Month because behind every breached record is a human life that has been at best disrupted, and at worst destroyed.
I’m sure you’ve read the recent headlines about an attack against hundreds of one health services organization’s hospitals and behavioral health facilities across the country that may have been the Ryuk strain of ransomware.
In some ransomware cases, the disruptions are temporary but complicated, and systems are forced to go offline. In other cases, procedures, surgeries and critical care, as was the case in Germany where one patient is known to have died, have to be put on hold while systems are under siege.
Ransomware itself is a growing business, usually run by organized crime who like the easy money it generates, and they’ve discovered what soft targets hospitals are, especially in the onslaught of COVID-19. And while the actual ransom may not be onerous to some, the reputational damage in a competitive industry, coupled with OCR fines for data breaches if those occur, can be enough to close an organization.
And frankly, primarily… human beings are getting hurt. It’s time to shore up defenses.
Here’s a glimpse at where we are with breach trends in healthcare so far this year.
The Good (or Getting Better than Bad) News
- Overall the number of breach victims has declined 35% when compared with Q3 last year.1
- Email-related healthcare data breaches declined 2% from Q3-2019 to Q3 of 2020. 1
- Healthcare organizations have finally learned to prevent losing data (for example, where did I put my laptop full of PHI?) and improper disposal (such as dumping PHI in a dumpster).1
The Bad News
- Healthcare breaches caused by hacking or IT incidents are up 160% over Q3 2019.1
- US healthcare sector now the most targeted for ransomware.2
- Ransomware attacks on the healthcare sector globally have also doubled.2
- Ryuk ransomware now attacks 20 organizations a week.2
- Threat actors are targeting hospitals with Double Extortion ransomware.3
Don’t think you’re at risk? Think again. Here’s how the year is shaping up just looking at one type of security incident in healthcare – Hacking/ IT Incidents. Below are the number of hacking/IT incidents according to the OCR Breach portal.
Q1 2019 | Q1 2020 | Q2 2019 | Q2 2020 | Q3 2019 | Q3 2020 | Q4 2019 | Q4 2020 |
27 | 81 | 40 | 76 | 58 | 77 | 49 | We’ll see. |
Take a look at the OCR Breach Portal, aka Wall of Shame, and you’ll see in Q3 alone of this year we’ve had a disappointing 88 healthcare breaches affecting 9.5 million human lives.
If you are not familiar with the terms Defense-in-Depth, Security by Design, or Zero Trust, please get familiar.
The best defense really is a good offense, and building privacy and security by design into every action you take can at least make the bad guys work a lot harder.
And, if you’re not actively training your teams to recognize attacks, do so now. Most ransomware attacks find entrance via social engineering and phishing attacks.
If you are realizing you realistically can’t focus the necessary attention on privacy, security, and compliance and still achieve your business objectives, reach out to us at ClearDATA and let us help. The cloud is the right place for your healthcare data, and because we are healthcare exclusive, HITRUST certified cloud experts, we know how to help you protect it from day one for the lifetime of your app using sophisticated automation, remediation, and much more. Learn more here.
Sources: 1) HHS Wall of Shame | 2) Checkpoint| 3) HealthIT Security