The New Zealand-based cybersecurity company Emsisoft has published its ransomware statistics for 2020, which show at least 41 successful ransomware attacks on hospitals and other healthcare providers in the first half of the year.
In the first half of 2020, federal and state agencies, healthcare organizations, and educational bodies experienced 128 successful ransomware attacks. The healthcare sector accounted for 32% of those attacks.
The large number of ransomware attacks in 2020 continues a surge that began in the latter part of 2019. There were more than twice as many ransomware attacks in 2019 as in 2018. Healthcare providers had 350% more attacks in the last quarter of 2019. Across all industry sectors, there were 966 successful ransomware attacks on entities in 2019, costing approximately $7.5 billion.
2020 began badly for the healthcare sector, with 10 healthcare providers experiencing ransomware attacks in January, followed by 16 more in February. Attacks decreased in March because of COVID-19 spreading across the United States. Healthcare providers reported three successful ransomware attacks each in March and April, while May had 4 attacks. Although the decline in successful attacks is good news, it does not mean the risk has fallen, because the number of attempted attacks has remained fairly constant. Emsisoft has forecast growth in ransomware attacks on healthcare companies throughout the summer, as usually happens during this period of the year. Workers are also beginning to go back to the workplace. Ransomware attacks diminished when the COVID-19 pandemic struck the United States; however, Emsisoft has begun seeing an increase in attacks again.
How to Prevent Ransomware Attacks and Limit Damage
As long as ransomware attacks remain lucrative and fairly low risk, they will continue. Healthcare companies must therefore take steps to strengthen their protection against attacks. To prevent attacks and reduce the damage caused by successful ones, Emsisoft advises healthcare companies to do the following:
- Apply patches immediately
- Restrict admin rights
- Implement multi-factor authentication
- Turn off PowerShell if not necessary
- Segment the network
- Use web and email filtering solutions
- Deactivate RDP when it is not in use, and secure it when it is
- Give employees routine security awareness training
- Audit service providers with access to healthcare systems to ensure they are following the guidelines