Trend Micro has revealed that 86% of global healthcare organizations (HCOs) that have been compromised by ransomware suffered operational outages.
Most (57%) global HCOs admit being compromised by ransomware over the past three years, according to the study. Of these, 25% say they were forced to completely halt operations, while 60% reveal that some business processes were impacted as a result.
On average, it took most responding organisations days (56%) or weeks (24%) to fully restore these operations.
Ransomware is not only causing the healthcare sector significant operational pain. Three-fifths (60%) of responding HCOs say that sensitive data was also leaked by their attackers, potentially increasing compliance and reputational risk, as well as investigation, remediation and clean-up costs.
Respondents to the study also highlight supply chain weaknesses as a key challenge. Specifically:
- 43% say their partners have made them a more attractive target for attack
- 43% say a lack of visibility across the ransomware attack chain has made them more vulnerable
- 36% say a lack of visibility across attack surfaces has made them a bigger target
The good news is that most (95%) HCOs say they regularly update patches, while 91% restrict email attachments to mitigate malware risk. Many also use detection and response tools for their network (NDR) endpoint (EDR) and across multiple layers (XDR).
However, the study also highlights potential weaknesses, including:
- A fifth (17%) don’t have any remote desktop protocol (RDP) controls in place
- Many HCOs don’t share any threat intelligence with partners (30%), suppliers (46%) or their broader ecosystem (46%)
- A third (33%) don’t share any information with law enforcement
- Only half or fewer HCOs currently use NDR (51%), EDR (50%) or XDR (43%)
- Worryingly few respondents are able to detect lateral movement (32%), initial access (42%) or use of tools like Mimikatz and PsExec (46%)
“In cybersecurity we often talk in abstractions about data breaches and network compromise. But in the healthcare sector, ransomware can have a potentially very real and very dangerous physical impact,” said Bharat Mistry, Technical Director at Trend Micro.
“Operational outages put patient lives at risk. We can’t rely on the bad guys to change their ways, so healthcare organisations need to get better at detection and response and share the appropriate intelligence with partners to secure their supply chains.”