Ransomware Attacks on Healthcare Companies Affect 20% of Stored Sensitive Information

Ransomware groups attack the healthcare industry because one successful attack gives them access to huge amounts of sensitive information that can be quickly monetized and used as leverage to compel victims to pay the ransom. Healthcare companies depend heavily on access to information to operate, so they are more likely to pay a ransom to regain access to encrypted files. Attacks on the industry are also escalating. According to Recorded Future, healthcare companies encountered 358 ransomware attacks in 2023, a 46% year-on-year increase.

Cybersecurity company Rubrik conducted a study evaluating the effect of ransomware attacks and found that attacks on healthcare companies affect more information than attacks on other industries. Rubrik Zero Labs researchers found that a ransomware encryption event impacts 20% of a healthcare company’s sensitive data holdings, compared to 6% in other industries. This finding suggests that 20% of healthcare information is encrypted, erased, or stolen during an attack.

Healthcare companies usually hold more sensitive information than companies in other industries. Based on Rubrik’s analysis, healthcare organizations need to secure 50% more information than the global average. Healthcare companies keep an average of 42 million sensitive data files, whereas the global average is 28 million sensitive files. The amount of healthcare information stored is also growing faster than in other industry sectors. In 2023, a typical healthcare company saw a 27% increase in its data estate, compared to 23% for a typical global company. The volume of sensitive data files in healthcare increased by 63% last year, whereas the global average is 13%.

Rubrik drew the data for its report “The State of Data Security: Measuring Your Data’s Risk” from telemetry of its customer base of 6,100 companies and a study done by Wakefield Research involving over 1,600 IT and security professionals. Across all industries, 94% of IT security professionals stated they had encountered a cyberattack in 2023, with about 30 attacks last year. 30% of IT security professionals reported that at least one ransomware attack had impacted them. 93% of attacked companies made a ransom payment and 58% paid to stop the exposure of stolen information.

More companies today rely on the cloud and, on average, use it to store 13% of a company’s files, up from only 9% last year. Based on Rubrik’s telemetry, there are inherent risks in using cloud storage because of security blind spots. Rubrik states that 70% of all files stored in the cloud are in object storage, which normally has reduced security coverage compared to other areas. 88% of all files kept in object storage are not verified as machine-readable or aren’t protected by well-known security systems and services. Over 25% of object storage files are governed by regulatory or legal requirements like HIPAA security rules.

Head of Rubrik Zero Labs, Steven Stone, said that despite the observed impact of cyberattacks in the news, data risk is still a murky problem, particularly when it comes to what security teams can and cannot change. The Rubrik report aims to give measurable insights that IT and security professionals can take to their company to push for greater cyber resilience, particularly with their business partners and governance teams.

Daniel Lopez

Daniel Lopez stands out as an exceptional HIPAA trainer, dedicated to elevating standards in healthcare data protection and privacy. Daniel, recognized as a leading authority on HIPAA compliance, serves as the HIPAA specialist for Healthcare IT Journal. He consistently offers insightful and in-depth perspectives on a wide range of HIPAA-related topics, addressing both typical and complex compliance issues. With his extensive experience, Daniel has made significant contributions to multiple publications such as hipaacoach.com, ComplianceJunction, and The HIPAA Guide, enriching the field with his deep knowledge and practical advice in HIPAA regulations. Daniel offers a comprehensive training program that covers all facets of HIPAA compliance, including privacy, security, and breach notification rules. Daniel's educational background includes a degree in Health Information Management and certifications in data privacy and security. You can contact Daniel via HIPAAcoach.com.