top of page
Search

Takeaways From Microsoft Research

Interesting article from Microsoft on the rise of ransomware targeting the healthcare industry It includes a roundtable and interviews from healthcare and cybersecurity professionals, which really emphasize the impact of ransomware attacks as well as how we, as an industry, can improve our resilience. It's a bit long but worth the read, with a decent amount of video and industry insight, so I am highlighting my key takeaways here.


The key takeaways are that the healthcare industry is one of the top 10 most targeted industries by ransomware attackers. With a history of making large ransomware payments, the criticalness of the services healthcare organizations provide, and the maturity level of cybersecurity in many health organizations, attackers find healthcare an easy target. From the video, “In healthcare cybersecurity, we are very much in the leaches, mercury and bloodletting phase.”


Some other takeaways:

  • Ransomware attacks on healthcare up 300% since 2015

  • The average payout is $4.4M, that does not include the recovery costs, fines, lawsuits

  • Healthcare organizations lose almost $900k per day of downtime due to system shutdowns, delays in critical medical procedures and rescheduled appointments.


But what really strikes me is the human toll of a ransomware attack on a healthcare organization, not measured in dollars and cents. The stakes couldn’t be higher, ransomware is literally killing people. The blast radius of a ransomware attack even affects nearby hospitals by creating a surge in emergency care cases, which slows response, and causes a huge drop in favorable outcomes in critical events like heart attacks, dropping from 40% pre-attack to 4.5% during the attack. This is much more than an inconvenience or costs associated with a breach, this impacts human health.


But what should we do about this ? The article recommends a defense in depth strategy and to put more focus on minimizing operational downtime. To learn how Plume Security can help your organization with ransomware resilience, please contact us



 
 
bottom of page