New Research: More Than Half of Hospitals Hit With Ransomware in Last 12 Months
Victoria Startseva | Jul 7, 2016
Title: Writer
Topic category: Fabric Networking

“Over half the people we polled indicated that they had some sort of ransomware attack,” said Brendan FitzGerald, HIMSS Analytics Research Director for Advisory Solutions.

What’s more, another 25 percent are either unsure or have no way of knowing whether ransomware attacks were perpetrated against them or not.

Taken together, that means approximately 75 percent of responding healthcare entities either were or could potentially have been targeted with a ransomware attack.

While numerous, very few ransomware attacks have been successful to date — which explains why only a handful catch the public’s attention.

Some 50 percent of respondents, in fact, said they are unsure or have no way of knowing if they managed to find such attacks.

How ready are hospitals for a ransomware attack, should it succeed and their data or systems be encrypted?

“Seventy three percent of the health systems we surveyed have a business continuity plan in place, so if something happens they are prepared to address it,” FitzGerald said.

Of the remaining 26 percent, only 3 percent answered that they are unsure, while 23 percent said they do not have a business continuity plan in place should a ransomware attack occur.

“When asked if they would pay the ransom, almost half said they are unsure," FitzGerald said. "That calls into question how solid those plans really are when dealing with ransomware.”

The reality is that many hospital executives cannot easily know up-front whether they will pay or not.

That decision will be determined by various factors, including the scale of the attack, when it was detected, how quickly the business continuity plan kicked in, how widespread the encryption is, and when exactly the last data back-up occurred.

“Some organizations back up data daily. But when you’re talking about an entire health system, there’s no guarantee that the data will get backed up every single day,” FitzGerald said. “Even daily backups can be hit or miss in terms of what kind of data is included, be that lab results, images, or other types.”

“There has been a lot of industry literature around whether or not to pay the ransom, most of it recommending not to,” FitzGerald said. “I think as a last resort there’s that potential to pay a ransom.”

Meaning choosing whether or not to pay the ransom is most likely going to be a game day decision.

To avoid being in that position in the first place, FitzGerald recommended that healthcare executives concentrate on educating end-users above all else because prepared employees, even more than whiz-bang security tools or more frequent back-ups, will be the biggest deterrent to hackers getting in.

Tom Sullivan
Tags: #healthcare
comments powered by Disqus
Learn about Avaya solutions for Heathcare IT
Watch our video: The Future of Healthcare

Visit Avaya's Healthcare Portal and discover:
Support care team coordination by mobilizing staff and improving collaboration. Streamline admitting, prescription, and other workflows—helping to enhance safety and quality.
Deliver better patient experiences and reach more patients in more places with mobility, telemedicine, and proactive patient outreach.
Create better care team utilization through automation and collaboration via telemedicine and virtual healthcare.
Improve security and data protection while keeping information accessible with a network that segments guest WiFi access, medical devices, and payment systems.
Learn more about enhancing and managing your Customer Experience. Review our infographic to learn 6 Critical Trends in Smart Healthcare Technology.

It’s Time for Healthcare IT to Evolve.

Get our whitepaper detailing how applying a Software-Defined Networking model for the network edge can close the Complexity Chasm and help IT organizations enable the latest healthcare innovations securely and simply,

Use Communications Technology to Help Care Teams Collaborate, Increase Productivity, and Drive Better Patient Experiences
Heathcare: The Brave New World of Network Security

Security breaches, such as hospitals being immobilized and held for ransom, were unimaginable a year ago. The FBI recently recognized the significance of the ransomware epidemic and has asked business and software security experts for help. As a result of these trends, cybersecurity is top of mind for IT leaders across the globe in all industries.

Unfortunately, no company is immune from suffering a security breach. Furthermore, there is no one-size-fits-all security strategy. What’s right for you is based on the industry you are in, the data you need to protect, how and when the data needs to be protected, the expectations of your customers, employees, partners and other stakeholders, the regulatory requirements, your network infrastructure, the competitive condition of your market—the list is virtually endless.

The good news is that there are several simple steps that you can take to help protect your enterprise from costly network breaches. At Avaya, we bring the expertise that comes from decades of experience implementing smart, cost-effective network security controls for leading enterprises.

Avaya has delivered advanced security solutions that provide the secure foundation that is leveraged in industries with strict security and compliance requirements, such financial services, healthcare and manufacturing. Avaya secure network infrastructure, based on the industry leading Fabric Connect technology, has stood the test of time against penetration tests administered by financial and government institutions.

To learn how you can implement smart, multilevel security capabilities that simplify access control, overcome the inherent vulnerabilities in the IP protocol and enable new levels of network segmentation and isolation, download ‘The New World of Network Security’ white paper.

Avaya’s industry-leading solutions, such as Fabric Connect, Identity Engines and SDN FxTM Healthcare break new ground in enabling enterprises to mitigate the tradeoffs between security, cost and agility.

To learn more, visit us at the Avaya Technology Forum 2016 in Orlando or Dublin and see our security solutions in action.

In light of highly-publicized data breaches that have shaken some of the world’s top brands, where should IT leaders focus their security efforts?
6 Critical Trends in Smart Healthcare Technology

Did you know?

• 3 out of 4 healthcare providers expect to increase their technology spending from the last year
• 94% of U.S. hospitals surveyed have leaked data in the last two years
• 85% of healthcare organizations surveyed say their doctors are using mobile devices to access patient data
• 87% of consumers said they would seek medical advice through telemedicine

Download the full infographic here for all the trends.

Mobility is becoming increasing important to the evolution of healthcare. The healthcare industry has rapidly been evolving to a digital model. Hospitals and other caregiving facilities are under tremendous pressure to lower costs but are also required to maintain or even improve the quality of patient care. However, the legacy processes in most healthcare institutions were put in place decades ago, and they are slow and error prone.

The key to improving the efficiency of clinicians is to enable information mobility:

echnology powers every piece of the healthcare sector across the world now. Get the top-line trends here.

How technology can create stealthy networking service.

A prime example is health care environments, where the protection of personal medical records and data is government mandated. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) places specific obligations on businesses operating in such environments.

Delivering and maintaining a converged HIPAA-compliant network can be dramatically simplified by leveraging the Avaya VENA Fabric Connect technology to create stealthy networking services. Get our whitepaper...

Download our whitepaper: Leveraging Stealth Networking to Facilitate HIPAA-compliance.