With financial impacts as high as $46K per hour, shutting down some or all of operations due to a ransomware attack is not a decision taken lightly by hospitals, but may be the only option.
Healthcare organizations have been squarely on cybercriminals’ radar since the beginning of the pandemic. The continued, increased reliance on hospitals to address those impacted by the virus has made them an obvious choice for less-than-scrupulous threat actors.
According to new data found in the report Perspectives in Healthcare Security, it’s evident that hospitals are feeling the pain of cyberattacks:
- 61% of large and 42% of midsize hospitals have experienced shutdowns in the last 6 months, yielding an average of 54%
- Hospitals experienced an average of 8.5 days of device shutdown time
Some of the reasons in the report paint a picture of a very unprepared security stance:
- 5% of all hospitals had no protection whatsoever against a list of common vulnerabilities and ransomware variants
- 15% have no means to identify the number of – let alone manage and secure – devices on their network
- One-third of hospitals feel they need more cybersecurity staffing
It is interesting to note that 51% of large hospitals experienced shutdowns due to “internally-initiated actions” such as a user falling for a phishing attack. The report seems to point out that much of a hospital’s IT budget is focused on logging and alerting, rather than on impactful parts of a security strategy designed to stop attacks from ever happening – such as Security Awareness Training, which can significantly reduce the attack surface for email-based cyberattacks.