
Most Healthcare Providers Remain Highly Vulnerable to Ransomware Attacks – MedCity News

About 90% of healthcare organizations are insecurely connected to the internet and running systems vulnerable to exploitation by ransomware gangs, according to research released this week by cybersecurity firm Claroty.

The report examined data from more than 350 healthcare organizations, finding that 78% of them have made ransomware payments of $500,000 or more.

Healthcare cybersecurity incidents are often egregiously expensive because they create a wide range of costs, chief among them being the inability to provide patient care, noted Ty Greenhalgh, industry principal of healthcare at Claroty.

“When systems are locked down by ransomware or disrupted by cyberattacks, hospitals may be forced to divert patients, cancel procedures or revert to manual operations, all of which impact revenue and patient safety,” he explained.

Beyond service disruption, costs can build up due to things like ransomware payments, regulatory fines, class action lawsuits and the provision of identity protection services for impacted patients, Greenhalgh added.

He pointed out that even simple expenses like notification letters add up fast when thousands of people are affected. Depending on the healthcare organization and its footprint, millions of people could be affected by a single cyberattack. For instance, Change Healthcare’s cyberattack from last year exposed the data of 190 million people, and Ascension’s cyberattack from last year impacted more than 5 million people.

“For example, at $0.15 per letter, a breach affecting 2 million patients results in a $300,000 cost just for mailing notifications. Combine this with forensic investigations, system recovery, lost revenue, and reputational damage and the total financial impact can reach millions or even billions of dollars,” Greenhalgh explained.

In his eyes, the riskiest exposure facing healthcare organizations right now is internet-facing devices that have known exploitable vulnerabilities (KEVs) linked to ransomware attacks in the wild.

KEVs refer to security flaws that have been actively exploited by cybercriminals, posing an immediate risk to systems and requiring urgent remediation.

“These devices are actively communicating outside the health system, have been compromised in attacks against other organizations, and remain a prime target for cybercriminals,” Greenhalgh said.

The traditional cybersecurity tools and processes that healthcare providers are using to manage their IT devices are not addressing these vulnerabilities adequately, he added.

Healthcare organizations often struggle to stay on top of cybersecurity best practices because of how quickly the threat landscape is evolving and how complex their operating environments are, Greenhalgh stated.

“Historically, humans were the weakest link, with phishing and social engineering being the primary entry points for attackers. However, since 2024, hands-on-keyboard system exploitation has surged, making direct system hacking just as prevalent,” he remarked.

Cybercriminals won’t stop targeting healthcare providers, so providers can’t completely prevent a motivated hacker from gaining access to their network, Greenhalgh noted. Instead, he said their focus should be on raising barriers to lateral movement and privilege escalation, which are key steps in ransomware attacks. These steps enable attackers to spread across a network, gain higher-level access and maximize damage by encrypting an organization’s critical systems and data.

But healthcare providers have a very tall task in front of them when it comes to elevating risk barriers, Greenhalgh said.

“This requires strong cybersecurity basics, including device identification, communication mapping, network segmentation and vulnerability management, all of which are difficult to achieve,” he declared.


Photo: WhataWin, Getty Images