Trend Micro, one of the world’s leading providers of cybersecurity solutions, released a new study revealing that 86 per cent of healthcare companies and institutions worldwide that were affected by ransomware suffered operational losses.
According to the study by the Japanese security vendor, more than half (57 per cent) of the healthcare organisations surveyed admitted to having been compromised by ransomware in the last three years. Twenty-five per cent of victims said their operations had come to a complete standstill, and another 60 per cent experienced a disruption to their business processes. For most organisations it took days (56 per cent) or weeks (24 per cent) to fully restore operations. Ransomware not only causes significant operational problems in the healthcare sector, but is also considered one of the biggest cyber risks in other industries.
For three-fifths (60 per cent) of the respondents, sensitive data fell into the wrong hands as a result of the attack. This poses an increased compliance risk and can damage the organisation’s reputation. It also increases the cost of investigation, containment and incident clean-up.
The participants in the study named vulnerabilities in the supply chain as one of the biggest challenges. The following areas are particularly relevant:
- 43 per cent believe their partners have made them a more attractive target for attack.
- 43 per cent also say a lack of transparency across the entire ransomware attack chain has made them more vulnerable.
- 36 per cent cite a lack of visibility into their attack surface as another reason that has made them more of a target for attacks.
The good news is that a large proportion of healthcare organisations (95 per cent) regularly patch their internet-facing systems, while almost as many (91 per cent) restrict email attachments, reducing the risk of malware. Many of the organisations surveyed also use tools for network detection and response (NDR), endpoint detection and response (EDR) or extended detection and response (XDR).
However, Trend Micro’s study also reveals potential vulnerabilities, including:
- One-fifth (17 per cent) have no remote desktop protocol (RDP) controls.
- Many organisations do not share threat data with partners (30 per cent), suppliers (46 per cent) or their wider ecosystem (46 per cent).
- A third (33 per cent) do not share information with law enforcement.
- Only half or fewer companies surveyed currently use NDR (51 per cent), EDR (50 per cent) or XDR (43 per cent).
- Worryingly, few healthcare organisations are able to detect lateral movement (32 per cent), initial access (42 per cent) or the use of tools such as Mimikatz and PsExec (46 per cent).
“Cybercriminals are targeting healthcare facilities that have a perceived weak link in their defence chain. The great pressure currently on companies and institutions in the sector, as well as often low IT security budgets that are not in proportion to the importance of the systems, make them easy victims of attacks,” said Richard Werner, business consultant at Trend Micro. “This puts the healthcare industry among the top three most attacked industries in the world.”
It should also be noted that the German government has been supporting investments in IT security since January 2021 as part of the Hospital Future Act (KHZG).
Further study results can be found in English here: