The Microsoft Threat Intelligence Briefing: Healthcare has reported that the healthcare/public health sector was one of the top 10 most impacted industries in the second quarter of 2024 and that there has been a 300% surge in ransomware attacks. There is now an entire industry of RaaS (Ransomware as a Service): the same way a doctor can subscribe to have access to an EHR, bad actors can subscribe to services that will create ransomware for them. Bad actors are also utilizing AI to create ransomware and to better target ransomware attacks.
The cost of ransomware has been estimated to be up to $900,000 per day for the US healthcare industry.
You can view the Microsoft Intelligence Report at this link: US Healthcare at risk: Strengthening resiliency against ransomware attacks
CrowdStrike published a very sobering article on AI and ransomware at the link below:
Most Common AI-Powered Cyberattacks | CrowdStrike
The takeaway from this information is that we as healthcare providers are in the crosshairs of bad actors who are looking to disrupt our ability to provide quality care to our patients. They are doing this for a variety of reasons, not the least of which is financial gain.
If we are hit with a ransomware attack, the impacts can include:
- Loss of access to our medical records, causing:
  - Adverse outcomes for patients
  - Disruptions of our Revenue Cycle Management activities
  - Inability to respond to insurance company audits
  - Inability to respond to patient requests for copies of their health information (a violation of the HIPAA Right of Access rule)
  - Inability to respond to administrative requests for medical records
- Needing to respond to a HIPAA breach, including:
  - Having to send out a letter to each and every patient informing them of the breach
  - Having to publish a notification in the news of the breach
  - Having to hire an IT team to repair the damage caused
  - Having to respond to a government investigation about the breach
  - Having to pay fines as a result of the breach
The best way to avoid all of these negative impacts is to not have a ransomware event in the first place. But what if you do have one?
Ransomware is a type of disaster that can hit your office. “Be Prepared” has been the motto of the Boy Scouts since 1910. By being prepared for a disaster, you are in a better position to respond to and recover from that disaster. On December 3, CMEonline is hosting a free program, “Disaster Preparedness and Disaster Recovery”. The program will talk about various disasters that can impact your IT systems and your ability to function, and how to prepare in advance so that when a disaster does hit you can recover as quickly and painlessly as possible. To register for this free program, visit