According to new data from Comparitech, since 2016 Texas has experienced 14 ransomware attacks impacting a total of 483,000 patients, and costing as much as nearly $20 Million in damages.
It sort of makes me wonder, would it make sense for bad guys to actually want to target a specific industry and geography? Would it benefit them in the form of bigger – and more frequently paid – ransoms over time? There’s a valid argument that this could be true, as no organization wants to be in the headlines as the “17th organizations this year” – it would imply the problem was obvious and they didn’t do enough to stop it.
Even if it’s pure circumstance, new data from tech researcher Comparitech shows health care organizations in the state of Texas are the second more prevalent ransomware victim. Second to California, this new data is bad news for other potential targets. We’ve seen what appeared to be a coordinated set of attacks on Texas municipalities last year. The fear in both cases is bad guys realize how “easy” it is to successfully attack these kinds of orgs, and make efforts to continue the pattern.
At the same time, there is something to be said for the unusual success rates – perhaps there is some truth in the idea that these organizations simply aren’t ready. Don’t get me wrong; I’m not saying Texans don’t know how to do cybersecurity, but I am saying there are too many cases of successful attack for any Texas-based healthcare organization to take the new data lightly and do nothing about it.
It’s time for every organization to implement proper security controls in the form of a layered security defense against malware, phishing, social engineering, etc., as well as using Security Awareness Training to educate users about attacks and elevate their ability to identify and stop phishing attacks.
Texas Healthcare is in the spotlight today. There’s nothing saying your state and industry won’t be the next trend.