82% of Hospitals Experienced IoT Cyberattack in Past 18 Months
Of the hospitals that experienced an IoT attack, 34% were ransomware and 33% paid the ransom, according to a new joint report.
Since the start of the pandemic, more than eight and 10 hospitals have reported experiencing an Internet of Things (IoT) cyberattack, according to a new joint report.
“Healthcare IoT Security Operations Maturity — A Rationalized Approach to a New Normal,” released by Medigate and Crowdstrike, highlights recent cyberattack trends and emphasizes the need for hardened cybersecurity in healthcare facilities.
The report found 82% of hospitals had an IoT cyberattack between March 2020 and Sept. 2021. Of the hospitals that experienced an IoT attack, 34% were ransomware. Furthermore, the report found 33% paid the ransom and 31% of those hospitals did not get their data restored. The FBI has previously said organizations should not pay a ransom because it doesn’t guarantee that you’ll get data back and it encourages more ransomware activities.
A total of 92 ransomware attacks affected over 600 separate clinics, hospitals, and organizations and more than 18 million patient records in 2020 alone, the report says. Through June of 2021, 93% more ransomware attacks have been carried out than in the same period last year.
“The surge has given rise to ‘triple extortion’ techniques whereby attackers, in addition to seeking payment from the [Healthcare Delivery Organizations], also coerce payments from patients and business partners,” warns the report.
In 2020, the average ransom paid was $910,335 USD. One mid-2020 ransomware attack at a 600-bed U.S.-based university system led to a 40-day shutdown that cost the system nearly $64 million, according to the report.
The report also provides recommendations for how healthcare facilities can defend themselves against these advancing threats.
“Healthcare now understands the reality of the threat and is doing something about it. And that’s a good thing. But, when faced with all the advanced options promoting layered defense capabilities, we thought it was time to detail a more simplified approach,” said Jonathan Langer, Co-Founder and CEO of Medigate. “HDOs require a unified security approach to defend against evolving threat landscapes.”