Sensitive data gets compromised quite significantly when there happens to be a ransomware attack on healthcare organizations as compared to other sectors, as per an April 30 report released by Rubrik Zero Labs, one of the research arms of a cybersecurity firm.
20% of a typical healthcare firm’s sensitive data holdings get impacted, which means that the files are encrypted, deleted, or even taken away in the event that a ransomware encryption event is successful. An average company’s sensitive data gets impacted by just 6%.
Notably, healthcare companies happen to hold an outsized amount of sensitive data as compared to other sectors, averaging around 42 million sensitive data records as compared to a global average of 28 million records. The gap between sectors is indeed anticipated to grow as healthcare organizations go on to accumulate sensitive data more rapidly.
The fact of the matter is that cyberattacks happen to be quite a serious threat to healthcare operations, and there is no shred of doubt that they have gone on to become very common over the last 5 years.
Ransomware, which happens to be a kind of malware, goes on to deny users access to the data until the ransom gets paid, and it can very well have some drastic impacts when it comes to hospitals- in a way potentially cutting-off access to some prominent tools such as electronic health records- EHRs and pushing them to shift patients to other facilities.
The healthcare sector happens to be still recovering from the UnitedHealth-owned technology vendor Change Healthcare attack that took place in February 2024. This cyberattack went on to affect major tasks like billing, prior authorization requests, eligibility checks, and prescription fulfillment, to name a few.
The company opted to pay the ransom; however, a large amount of patient data may as well have been compromised. Because of a targeted sampling of the impacted data, UnitedHeath went on to find files with protected health information that could go on to cover a sizeable population in America.
All this has led regulators and lawmakers to take notice pertaining to cybersecurity risks. In early 2024, the HHS went on to release voluntary cybersecurity goals for the industry, with plans looking for enforceable benchmarks.
The budget proposal laid down by the Biden Administration for 2025 happens to have funds in it so as to boost hospital protection with penalties in case the providers do not adopt benchmarks.
The witnesses at a house subcommittee hearing pertaining to Change Cyberattack went on to argue that the funding might not be enough to shore up the defenses of the hospitals, specifically in the case of small and rural providers that are very vulnerable.
