The high profile WannaCry and Petya ransomware attacks in 2017 brought institutions—including major health systems—around the world to a screeching halt and drew attention to the rising cybersecurity threats facing healthcare.
In fact, the nonprofit ECRI Institute named ransomware and other malicious software its top health technology hazard for 2018. Hackers use these computer programs to infiltrate an organization’s network and prevent the organization from accessing its electronic medical records or online systems. The attackers then demand a ransom to stop the attack. These attacks can bring normal hospital operations to a halt causing delays in patient care that could threaten patient safety, said Juuso Leinonen, senior project engineer in the ECRI Institute’s Health Devices Group.
“This is a problem and there’s probably no hospital that’s completely immune to it,” Leinonen said.
Healthcare has become the top target for such attacks, according to a survey of 2700 Internet Technology (IT) managers by network security company Sophos. Three-quarters of healthcare institutions that responded to the survey had been victims of ransomware attacks, even though more than half had systems in place to prevent them. Across sectors, the average cost of an attack was $133,000 and affected organizations often face repeat attacks.