Quarter of Healthcare Organizations Hit by Ransomware in Past Year: Study
One in four (27%) employees of healthcare organizations in North America admit to being aware of a ransomware attack targeting their employer over the past year, a new Kaspersky Lab survey reveals.
Ransomware attacks have plagued organizations in numerous sectors over the past several years, and the healthcare industry was one of their preferred victims, although security researchers have already noticed a downward trend in such incidents.
According to Kaspersky Lab, one in six (17%) healthcare employees admitted that their organization was hit by ransomware in the past five years, and only 12% are aware of such an attack occurring over the past two years. Of those who admit awareness of such cyber-security incidents, however, a third (33%) revealed that the organization was hit more than once.
Of those healthcare employees who admitted being aware of a cyberattack occurring, 85% of Canadians and 78% of Americans claim to have experienced up to five ransomware incidents in the past five years or more, the research reveals.
Kaspersky’s “Cyber Pulse: The State of Cybersecurity in Healthcare” report (PDF) is based on responses gathered in October 2018 from 1,758 employees working at healthcare organizations in North America (1,004 in the United States and 754 in Canada), in roles ranging from doctors and surgeons to administrators and IT staff.
In addition to providing insight into employee perceptions and behaviors related to cyber-security in the workplace, the survey also reveals a continuous pattern of ransomware assaults on organizations in the healthcare sector, and that the industry hasn’t yet learned from its mistakes.
The survey targeted very small businesses with 1 to 49 employees (VSBs), small and medium-sized businesses with 50 to 249 employees (SMBs), and businesses with over 250 employees (enterprises). Most of the employees aware of ransomware attacks said they had experienced up to four such incidents (81% of VSBs, 83% of SMBs, and 81% of enterprises).
When asked why they care about having cyber-security measures in place at their organization, the top reason respondents gave was to protect patients (71%), while 60% said they care because they want to protect the people and organizations they work with. Thirty-one percent, however, said they do not want to lose their job as a result of not having appropriate cyber-security measures.
According to the report, 23% of the respondents are confident in their organization’s cyber-security strategy, and 21% said they don’t think their organization would suffer a data breach in the forthcoming year.
“Healthcare companies have become a major target for cybercriminals due to the successes they’ve had, and repeatedly have, in attacking these businesses. As organizations look to improve their cybersecurity strategies to justify employee confidence, they must examine their approach. Business leaders and IT personnel need to work together to create a balance of training, education, and security solutions strong enough to manage the risk,” Rob Cataldo, vice president of enterprise sales at Kaspersky Lab, notes.