27% of Healthcare Companies Have Suffered a Ransomware Attack in the Previous Year

Dec 21, 2018


As per a new report from Kaspersky Lab, 27% of healthcare workers said their company had suffered at least one ransomware attack in the preceding year and 33% of those respondents said their company had suffered many ransomware attacks.

In its statement – Cyber Pulse: The State of Cybersecurity in Healthcare – Kaspersky lab clarified that up until January 1, 2018, the U.S. Division of Health and Human Services’ Office for Civil Rights has been informed of over 110 hacking/IT-related data breaches that have affected over 500 people.

The effect of those breaches can be severe for the companies concerned. Not only can breaches lead to millions of dollars in costs, but they can also lastingly damage the status of a healthcare company and can lead to harm being caused to patients.

To examine the status of cybersecurity in healthcare, Kaspersky Lab appointed market research company Opinion Matters to carry out a survey of healthcare workers in the United States and Canada to study the views of healthcare workers concerning cybersecurity in their company. 1,758 U.S. and Canadian healthcare workers were surveyed.

81% of small healthcare companies (1-49 workers), 83% of medium-sized healthcare companies (50-249 workers), and 81% of big healthcare companies (250+ workers) said they had suffered between 1 and 4 ransomware attacks.

The cost of alleviating ransomware and malware attacks is substantial. As per the Ponemon Institute/IBM Security’s 2018 Cost of a Data Breach Report, the average price of a data breach has now increased to $3.86 million. Kaspersky Lab’s 2018 Price of a Data Breach Report places the average price at $1.23 million for companies and $120,000 for SMBs.

Although cybersecurity is significant for decreasing financial risk, 71% of healthcare workers said it was vital for cybersecurity measures to be applied to safeguard patients and 60% said it was vital to have proper cybersecurity solutions in place to safeguard people and businesses they work with.

Although healthcare companies have invested heavily in cybersecurity, a lot of workers lack trust in their company’s cybersecurity policy. Only 50% of healthcare IT employees were confident in their cybersecurity policy that decreased to 29% for management and doctors, 21% for nurses, 23% for finance division workers, and 13% for the HR division.

A lot of healthcare workers seem to have a wrong sense of safety. Although healthcare data breaches are being informed on a daily basis, 21% of respondents had total faith in their company’s capability to avoid cyberattacks and didn’t believe they would experience a data breach in the coming year.

While 73% of surveyed workers said they would inform their safety team if they received an electronic mail from an unknown person requesting PHI or login identifications, 17% of workers said they would do nothing if they got such a request. 17% of workers also acknowledged having received an electronic mail request from a third-party seller for ePHI and provided the ePHI as requested.

“Healthcare firms have become the main target for cybercriminals because of the successes they’ve had, and recurrently have, in attacking these companies. As companies look to improve their cybersecurity policies to justify worker confidence, they should examine their method,” clarified Rob Cataldo, VP of enterprise sales at Kaspersky Lab. “Business leaders and IT workers need to work together to produce a balance of training, education, and safety solutions strong enough to control the danger.”