As an interesting global study by Trend Micro shows, almost 60 percent of the healthcare companies surveyed were affected by ransomware in 2022. A quarter of all affected healthcare facilities had to stop operations. Supply chains were the main source of risk.
According to the study by the Japanese security provider, well over half (57 percent) of the healthcare companies surveyed admitted to having been compromised by ransomware in the last three years. 25 percent of the victims also stated that their operations had come to a complete standstill. Another 60 percent experienced an impairment in their business processes. On average, it took most organizations days (56 percent) or weeks (24 percent) to fully restore operations. Ransomware is not only causing significant operational problems in the healthcare sector, but is considered one of the top cyber risks in other industries as well.
weeks until operations were up and running again
For around 60 percent of those surveyed, sensitive data fell into the wrong hands as a result of the attack. This poses an increased compliance risk and can damage the company's reputation. It also increases the cost of investigating, containing, and cleaning up the incident.
The participants in the study named vulnerabilities in the supply chain as one of the biggest challenges. The following areas are particularly relevant:
- 43 percent believe their partners have made them a more attractive target.
- 43 percent also say a lack of visibility into the entire ransomware attack chain has made them more vulnerable.
- 36 percent cite a lack of visibility into their attack surface as another reason that has made them more of a target for attacks.
The good news is that a majority of healthcare organizations (95 percent) regularly apply patches, especially to systems that are visible to the outside world, while an almost equally large proportion (91 percent) restrict email attachments, thereby reducing the risk of malware. Many of the companies surveyed also use tools for Network (NDR), Endpoint (EDR) or Extended Detection and Response (XDR).
Healthcare study: Other potential vulnerabilities
- A fifth (17 percent) have no remote desktop protocol (RDP) controls at all.
- Many organizations don't share threat intelligence with partners (30 percent), suppliers (46 percent), or their broader ecosystem (46 percent).
- A third (33 percent) do not share information with law enforcement.
- Only half or fewer of the companies surveyed currently use NDR (51 percent), EDR (50 percent), or XDR (43 percent).
- Worryingly few healthcare companies are able to detect lateral movement (32 percent), initial access (42 percent) or the use of tools like Mimikatz and PsExec (46 percent).
"Cyber criminals specifically target healthcare facilities that appear to have a weak link in their defense chain. The great pressure that is currently weighing on companies and institutions in the industry, as well as often low IT security budgets that are disproportionate to the importance of the systems, make them easy victims of attacks," says Richard Werner, Business Consultant at Trend Micro. "This makes the healthcare industry one of the top 3 most attacked industries worldwide."
It should also be noted that the Federal Government has been supporting investments in IT security since January 2021 as part of the Hospital Future Act (KHZG).
About the Study
Trend Micro commissioned Sapio Research to survey 2,958 IT decision makers in 26 countries, including the UK, France, Germany and the US, in May and June 2022. The study "Everything is connected: Uncovering the ransomware threat from global supply chains" is available to read online.
About Trend Micro
As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.