By now, we all have pandemic fatigue. But before we put our guards down, there’s another contagion spreading: ransomware. It moves with ferocity, especially across healthcare, and if it can't be stopped in its earliest stages, it can have lethal consequences. The stats alone tell a tragic tale:
- $10.9M, average cost of a healthcare data breach in 2023
- 133M health records stolen, exposed, or impermissibly disclosed in 2023
- 20% to 35% increase in in-hospital mortality for patients admitted to a hospital undergoing a ransomware attack
Put yourself in the shoes of a physician in the middle of a breach. You can't access vital data. Nurses are scrambling with pen and paper. Every passing minute jeopardizes your patients’ safety. Now, imagine telling an elderly woman that, due to the network outages, her heart surgery has to be postponed. Facing an uncertain future, she stares at you, confused, desperate, and scared. When she asks when it can be rescheduled, all you can offer is a helpless, “I don’t know.”
These chaotic scenarios are, unfortunately, becoming a new normal. Just look at the ransomware attack on Ardent Health Services on Thanksgiving Day 2023. Systems crashed. Ambulances were rerouted. Patient care hung in the balance.
Healthcare organizations—hospitals, dental clinics, pharmacies, medical labs to name a few—are vital to everyone’s well-being, so it’s no surprise some will defy the conventional wisdom of “don’t pay the ransom” and just cough up the money. After all, when lives are on the line, cold logic gives way to survival instincts. UnitedHealth’s recent $22 million ransom payment made this crystal clear. This surrender, however, served as a rallying cry for the worst of the worst, the most depraved threat actors who willingly put lives at risk in pursuit of profit.
Ransomware: A Digital Pathogen Inflicting Real Pain, Swiftly and Severely
To improve patient care, healthcare providers are relying more and more on digital data. This reliance, however, is a double-edged sword. While it’s easier to access and share information, it also means that the systems storing this data are vulnerable to cyberattacks.
Ransomware is like a viral pathogen, and social engineering, such as phishing, is a vector for its transmission. Attacks can often go undetected until it's too late. Some estimates say healthcare data breaches can go over 230 days before they’re even uncovered. Yet once ransomware propagates, it does so quickly, encrypting thousands of files within minutes.
Hackers particularly love exploiting weaknesses in healthcare IT systems to access an organization's protected health information (PHI), and then they hold it hostage until a ransom is paid. Upon receiving payment, the hackers—assuming they keep their word—will provide a decryption key to release your data.
According to The HIPAA Journal however, in 2021, even when healthcare organizations paid the ransom, less than 65% of their data was restored. Worse yet, only 2% of organizations that paid were able to restore all of their data.
Additionally, ransomware-as-a-service (RaaS) has helped proliferate cyberattacks on healthcare organizations, big and small. Shady operators create RaaS tools and distribute them to affiliates, who, in turn, offer the operator a cut of the profits. This means anyone with a few technical skills and even fewer scruples can execute ransomware attacks on a whim.
And if you don’t pay? That’s no problem, at least for the hackers. PHI is quite lucrative on the black market. In fact, the U.S. Department of Health and Human Services (HHS) reports health records can fetch up to $1,000 a pop.
Leveraging Managed EDR Solutions Can Better Fortify Healthcare
Healthcare organizations have to become impenetrable fortresses against cybercriminals. While you can't always prevent hackers from approaching your gates, you can stop them from breaching your walls. This is where we recommend a defense-in-depth strategy, a holistic approach that strengthens your fortifications by layering tools like intrusion prevention, data encryption, and threat detection. Just like plates of armor, this approach builds strong barriers that can fend off cyberattacks, even if one layer is breached.
Managed endpoint detection and response (EDR) reinforces this strategy by identifying and responding to threats targeting endpoints such as desktops, servers, and other connected devices. Using automated technologies and expert human analysts, a managed EDR takes charge of your healthcare organization’s critical cybersecurity needs, including:
- Monitoring and gathering endpoint data
- Identifying and investigating potential threats
- Prioritizing alerts for action
- Providing easy remediation steps, including one-click solutions
With a managed EDR, you're not just defending your organization—you're partnering with a proactive ally that can help you enhance your security posture to mitigate the risk of ransomware attacks and improve how you protect patient data.
Real-World Incidents: An Ounce of Prevention is Worth a Pound of Cure
In the early morning hours of December 11, 2023, a managed service provider (MSP) specializing in cybersecurity for medical practices, received an urgent alert from Huntress' Security Operations Center (SOC)—ransomware had been detected on a client server.
Fortunately, the MSP had deployed Huntress Managed EDR for the client, which enabled our SOC to take immediate action. By the time the MSP’s team noticed the alert an hour later, the SOC had already isolated the server, preventing the ransomware from spreading further.
Following our guidance, the MSP promptly implemented the necessary remediation measures. Thanks to the proactive approach enabled by Huntress, the impacted client was up and running again by the following day. Without our prompt threat detection and the MSP’s timely intervention, the consequences could’ve been much more severe.
But for those who aren’t prepared, fortunes aren’t as bright. At the height of COVID, a physician’s office in the southwest was hit by ransomware. Only after realizing they’d been attacked did they attempt to deploy Huntress. By then, however, it was too little, too late. The damage was done. Personal information, financial records, and patient data had been stolen and posted for sale online. And, not surprisingly, it all sold.
When it comes to cybersecurity, procrastination is an invitation to disaster. Like a disease, the longer you postpone treatment, the worse your condition becomes, leaving fewer cures available to you. Though HIPAA might penalize medical practices for cybersecurity negligence, and while fines can run into seven figures, the threat of compliance pales in comparison to the fallout of a ransomware attack.
These incidents emphasize the value of proactive security measures, especially in a healthcare setting. Threat actors love to exploit vulnerabilities, often lingering in healthcare IT systems for weeks before striking. Our knack for early detection enables preemptive action that can thwart ransomware attacks before they materialize into things far worse—damaged credibility, significant financial losses, and eroded patient trust.
Let Huntress Help You End the Plague of Ransomware
Ransomware is an invisible pandemic, devastating patient care. Consider the potential chaos within your healthcare facility during a breach. Systems are disrupted. Data is inaccessible. Lives are endangered. Now, realize none of this has to happen. By implementing solutions like Huntress Managed EDR, your organization can bolster its defenses and stand strong against the most unethical of cybercrimes.
With our 24/7 SOC and swift threat neutralization, Huntress managed solutions are tailored for healthcare. In fact, we now secure more than 10,000 healthcare organizations. Given our track record of protecting millions of endpoints globally, we help enable your org to focus on what matters most—patient safety.
To see how Huntress managed solutions can help you better defend your organization, start your free trial today.
