New survey finds victims are paying ransoms, but not getting all data back.
Cyberattack costs are adding up for the health care sector.
A survey of 1,121 information technology leaders in health care in 11 nations found 45% had experienced a ransomware attack in the prior 12 months, according to results from Arcserve, which specializes in protecting computer data.
Ransom demands were $100,000 to $1 million in 83% of cases. Victims are willing to pay to get their data back – 67% paid the ransom – but 45% did not recover all their data after the cyberattacks, according to a news release from Arcserve.
"In the face of growing number and sophistication of ransomware attacks, the health care industry continues to grapple with inadequate data protection and recovery mechanisms,” Arcserve Chief Marketing Officer Vitali Edrenkine said in the news release.
“An ounce of prevention may be worth a pound of cure – but our latest market research shows that when it comes to ransomware resilience, too many health care institutions have neither,” Edrekine said. “A robust backup and disaster recovery strategy is critical for healthcare organizations to build resistance to malicious attacks."
Despite efforts to raise awareness about cyber threats, 82% of health care IT departments lack an updated disaster recovery plan, according to the Arcserve poll.
Almost 75% of respondents said they believe data backed up to public cloud storage is safer than data backed up and stored on premises. More than 50% said they believe a cloud provider is responsible for recovering their data, which is mistaken, according to Arcserve.
While cyberattacks may come from anywhere in the world, targets are in developed nations. Survey participants had at least 100 employees and at least five terabytes of data and were in. Australia, New Zealand, Brazil, France, Germany, India, Japan, Korea, the United Kingdom, the United States, and Canada.
The news may be getting worse for recovering data that is stolen or encrypted. This month, Arcserve Director of Product Management Ahsan Siddiqui cited a Sophos study that found 67% of health care organizations paid ransoms to recover data and 100% of them recovered it.
In the Arcserve study, only 17% of health care executives said they have “high confidence” in their own IT team’s ability to recover lost data, Siddiqui said in the online report, “The Healthcare Data Resiliency Emergency (and What You can Do to Prevent It.)”
Siddiqui recommended three steps to protect health care data: