By Cecil Pineda
With healthcare organizations facing a surge in ransomware attacks, providers who are victims of such attacks are confronted with a difficult decision – whether to pay a ransom or resist.
At one end of the spectrum, paying the ransom can quickly restore critical operations and protect patient information, potentially preventing severe disruptions in care. On the other end, paying potentially encourages further attacks and maintains the possibility that attackers may not fully restore access or may demand additional payments.
Ad Statistics
Times Displayed: 16521
Times Visited: 475 Ampronix, a Top Master Distributor for Sony Medical, provides Sales, Service & Exchanges for Sony Surgical Displays, Printers, & More. Rely on Us for Expert Support Tailored to Your Needs. Email info@ampronix.com or Call 949-273-8000 for Premier Pricing.
Recently, there has been ample news about healthcare ransomware attacks. Among the more notable ones, Change Healthcare paid a $22 million ransom and still did not receive its data back. Separately, Cencora, the drug distributor formerly known as AmerisourceBergen, paid a record $75 million in ransom, marking the largest known cyberextortion payment ever recorded.
One thing that is not in question is that healthcare organizations are under threat from ransomware attacks like never before. Worldwide ransomware attacks against the healthcare sector nearly doubled from 2022 to 2023, with a total of 389 claimed victims in 2023, according to the U.S. Office of the Director of National Intelligence (DNI). In the U.S. alone, attacks against the healthcare sector grew 128% to 258 victims in 2023.
When hospitals are attacked by ransomware attacks, the consequences can be dire, potentially resulting disrupted patient care, including delayed medical procedures and strained acute care delivery and capacity, according to DNI.
Why healthcare?
Primarily, prominent threat actors understand that healthcare organizations place a high priority on patient safety and continuity of operations - meaning that healthcare institutions are more likely to respond to cyber extortion threats.
Healthcare organizations hold a large amount of protected health information, which is particularly valuable to criminals, making them more alluring targets for bad actors. Businesses will consider paying to protect this information from being published online.
This industry is particularly vulnerable to ransomware attacks due to a mix of old and new technologies. For example, hospitals often operate numerous legacy information systems that are vulnerable, in some cases because they are no longer being serviced by vendors. Hospitals are also highly dependent on newer technologies, such as devices connected to the Internet of Things (IoT), whose sheer number creates vulnerabilities.