Navigate the healthcare industry
Healthcare Brew covers pharmaceutical developments, health startups, the latest tech, and how it impacts hospitals and providers to keep administrators and providers informed.
Ransomware attacks are a major headache for the healthcare industry, targeting everywhere from hospitals to blood banks.
A new report from Microsoft now provides some numbers that highlight the cybersecurity challenges the industry faces.
The tech giant reported that “389 healthcare institutions were successfully hit by ransomware” between July 2023 and June 2024. These attacks caused network closures, put systems offline, delayed medical care, and rescheduled appointments, according to the report.
In its report, Microsoft found that the healthcare industry is the ninth-targeted industry, with 2% of all attacks focused on it.
Broadening the scope beyond healthcare, among its customer base, Microsoft also reported a 2.75x increase in YoY “human-operated ransomware-linked encounters,” which was defined by having at least one device targeted within a network.
The number of attacks reaching the “actual encryption phase,” where devices are locked and protected, decreased by threefold over the last two years, according to the report.
Attacking the attack. Still, ransomware attacks in the medical industry have the biggest price tag.
An August report from IBM and the Ponemon Institute, a Michigan-based research firm, found that cybersecurity issues in the healthcare industry are more expensive than other industries, with an average cost of $10.93 million per data breach in 2023. For comparison, finance had the next highest average cost at $6.08 million.
And while the federal government is playing Whack-a-Mole against bad faith actors, it’s also attempting to help the fragile healthcare system protect itself.
In May, the Department of Health and Human Services pledged to invest $50 million toward data protection under an initiative called the Universal Patching and Remediation for Autonomous Defense, or UPGRADE. The goal is to help hospitals detect and respond to potential cyberattacks faster, and the agency is seeking proposals from health IT experts, medical device makers, and healthcare providers to come up with ways to do so.
And perhaps the most understanded two sentences in the report: “Ransomware remains one of the most serious cybersecurity concerns. And for valid reasons.”