The WannaCry ransomware attacks were more than just a mild inconvenience for these users. They were outright dangerous, with information held hostage. If you're a healthcare provider,…
An estimated 100,000 new ransomware variants are being created every day. The Cyber Threat Alliance reported that CryptoWall 3 was to blame for 406,887 infections and $325 million in damages during 2015.
If you are not investing in ransomware mitigation, the time to consider starting is now.
The investment in information technology across the healthcare sector is significant. Computer use is widespread in healthcare.
Here are the top 5 reasons why healthcare providers need ransomware mitigation.
What is ransomware and what is ransomware mitigation?
Ransomware is software which is intended to harm or get unauthorized access to a computer system. Attackers encrypt files and then try to extort money before they will unlock the files. This ransom is generally required to be paid in bitcoins.
Ransomware mitigation covers a range of approaches to remove or reduce the impact of ransomware attacks. Some of the approaches could include but are not limited to, the following.
- Effective e-mail and IT use policy
- Network security measures
- Cloud or off-site secure data back-up
- Disaster recovery planning
- User training and monitoring
Why is it so important for healthcare providers to put in place these measures? Read on to understand the top 5 reasons.
1. HIPPA Compliance
The Health Insurance Portability and Accountability Act requires healthcare providers to keep sensitive medical records safe. Failing to follow patient confidentiality can result in major consequences for healthcare providers.
Ransomware attacks could involve theft of data as well as temporary or permanent loss. Penalties range from fines of a few thousand dollars to criminal charges.
2. Medical Errors
After a ransomware attack, IT systems may be down for a time.
Healthcare providers have invested in Computerized Physician Order Entry (CPOE) systems and had reduced errors from poor handwriting or transmission of medication orders.
Without these systems, it is likely that errors will return. Unfamiliar paperwork and alternative procedures will cause more errors.
Clinical decisions will be made without the support of data. This is likely to result in some increase in errors.
Some of the increased costs that result from a ransomware attack include:
- Cost of response team
- Cost of handling calls from concerned patients and staff
- Replacement of damaged hardware
- Replacement of damaged software
- Replacement of lost records
- Compensation for data breaches
- Fines for HIPPA breaches
- The cost implications are large and varied.
4. Reputational Risk
A ransomware attack which compromises patient confidentiality can be a major reputational risk. Patients who feel that you have not taken care of their sensitive personal data are unlikely to have sympathy for you.
A Ponemon Institute study in 2011 researched the cost to 49 companies who had suffered a data breach. Over $3 million in losses were attributed to a loss of reputation, customers, and goodwill.
5. Loss of Business
Ransomware attacks impact retention and growth of your business. The diversion of funds, effort, and focus is a damaging distraction you could do without.
Concerned about your current ransomware mitigation arrangements?
Click here to discuss how we can help.