Ransomware Attacks. PHOTO: Cybercrime Magazine.

Ransomware Runs Rampant On Hospitals

A woman dies in the aftermath of a cyberattack

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Oct. 2, 2020

Ransomware has been killing us financially over the past decade.

The fastest-growing type of cybercrime is predicted to inflict damages costing $20 billion by 2021 — which is 57X more than it was in 2015.

Now it has claimed a life.

A German woman’s death appeared to be the first due to a ransomware attack, according to a news release from the Associated Press.

German authorities reported last month that a ransomware attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.

Cybercriminals are targeting hospitals for the money, not to harm patients, explains James McQuiggan, a security awareness advocate at KnowBe4.

Cybercrime TV: Ransomware hits Duesseldorf University Clinic’s systems

What happened on September 10, 2020?

Although this is the first death resulting from a ransomware attack — we’ve had warnings. In 2016 the Locky virus shut down some of the computer systems at Hollywood Presbyterian Medical Center in Los Angeles. As a result, radiation and oncology departments were unable to turn on their computers and use their equipment.

Earlier this week Universal Health Services, a huge U.S. based hospital chain, rerouted ambulances and canceled surgeries due to a ransomware attack affecting around 250 of its facilities. Fortunately, no patients were harmed.

These close calls barely scratch the surface of a ransomware epidemic that has the potential to impact emergency care and life-saving procedures if hospitals don’t take more precautionary measures.

Ransomware attacks in the healthcare sector have quadrupled over the past three years, despite ongoing warnings from the FBI, media outlets and cybersecurity experts globally.

Cybersecurity conversations are going up to the boardroom at healthcare providers, says McQuiggan. C-suite executives realize it’s a valid threat that not only impacts patient care but also causes reputational harm.

The healthcare industry is predicted to spend $125 billion on cybersecurity from 2021 to 2025, according to Cybersecurity Ventures. Hospital CFOs are expected to prioritize cyber and ransomware defenses similar to how they’ve invested into digitizing patient records and complying with HIPAA rules over the past decade. Up until now, four to seven percent of a health system’s IT budget has been in cybersecurity, compared to about 15 percent for other sectors such as the financial industry.

It’s the second day of National Cyber Security Awareness Month and we can’t draw enough attention to the risks and consequences of ransomware attacks on hospitals.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.

Sponsored by KnowBe4

KnowBe4 is the world’s first and largest New-school security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.

The KnowBe4 platform is user-friendly and intuitive. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design the most powerful, yet easy-to-use platform available.

Customers of all sizes can get the KnowBe4 platform deployed into production twice as fast as our competitors. Our Customer Success team gets you going in no time, without the need for consulting hours.

We are proud of the fact that more than 50 percent of our team are women, where the average in cyber security is just 20 percent of employees.