Cyberattacks keep coming in health care


New survey finds victims are paying ransoms, but not getting all data back.

cloud it technology medicine cybersecurity: © wladimir1804 -

© wladimir1804 -

Cyberattack costs are adding up for the health care sector.

A survey of 1,121 information technology leaders in health care in 11 nations found 45% had experienced a ransomware attack in the prior 12 months, according to results from Arcserve, which specializes in protecting computer data.

Ransom demands were $100,000 to $1 million in 83% of cases. Victims are willing to pay to get their data back – 67% paid the ransom – but 45% did not recover all their data after the cyberattacks, according to a news release from Arcserve.

"In the face of growing number and sophistication of ransomware attacks, the health care industry continues to grapple with inadequate data protection and recovery mechanisms,” Arcserve Chief Marketing Officer Vitali Edrenkine said in the news release.

“An ounce of prevention may be worth a pound of cure – but our latest market research shows that when it comes to ransomware resilience, too many health care institutions have neither,” Edrekine said. “A robust backup and disaster recovery strategy is critical for healthcare organizations to build resistance to malicious attacks."

Despite efforts to raise awareness about cyber threats, 82% of health care IT departments lack an updated disaster recovery plan, according to the Arcserve poll.

Almost 75% of respondents said they believe data backed up to public cloud storage is safer than data backed up and stored on premises. More than 50% said they believe a cloud provider is responsible for recovering their data, which is mistaken, according to Arcserve.

While cyberattacks may come from anywhere in the world, targets are in developed nations. Survey participants had at least 100 employees and at least five terabytes of data and were in. Australia, New Zealand, Brazil, France, Germany, India, Japan, Korea, the United Kingdom, the United States, and Canada.

The news may be getting worse for recovering data that is stolen or encrypted. This month, Arcserve Director of Product Management Ahsan Siddiqui cited a Sophos study that found 67% of health care organizations paid ransoms to recover data and 100% of them recovered it.

In the Arcserve study, only 17% of health care executives said they have “high confidence” in their own IT team’s ability to recover lost data, Siddiqui said in the online report, “The Healthcare Data Resiliency Emergency (and What You can Do to Prevent It.)”

Siddiqui recommended three steps to protect health care data:

  • Develop a comprehensive data resiliency plan with policies and procedures to protect patient information.
  • Use a 3-2-1-1 strategy with three backup copies of data, stored on two different media types, and one stored offsite or in the cloud, and one in immutable object storage.
  • Teach your staff about cybersecurity and data protection.
Related Videos
Kyle Zebley headshot
Kyle Zebley headshot
Kyle Zebley headshot
Michael J. Barry, MD
Hadi Chaudhry, President and CEO, CareCloud
Claire Ernst, JD, gives expert advice
Arien Malec
remote patient monitoring
Deven McGraw, JD, MPH, gives expert advice
Related Content
© 2023 MJH Life Sciences

All rights reserved.