Ostendio Blog

The Evolution of Ransomware and Prioritizing Healthcare Data

Written by Niamh Bennett | Aug 14, 2017 9:15:05 PM

Has your organization experienced a data breach yet? Increasingly, odds are that you will, if you haven’t already. According to Protenus, 2017 is currently on track to exceed 2016’s trend of 'one health data breach per day.’ Although ransomware is nearly unavoidable if pointed in your direction, preparation and the ability to mitigate the breach isn’t.

As Josh Corman, director of the Cyber Statecraft Initiative at the Atlantic Council and a founder of the white-hat hacker collective I am The Cavalry states, “If you can’t afford to protect it, you can’t afford to connect it.” It’s a pointed reminder of the high value of and risk to sensitive data tied to human lives. Yet if corporate giants like Merck can be compromised, what about young digital health companies?

As of July 2017, the Identity Theft Resource Center (ITRC) shows over 3 million medical and healthcare records have been compromised. Follow that up with Dark Reading’s Executive Summary of “The Impact of a Security Breach” survey-based report, and you see why security professionals are edgy about the situation.

 

Image Courtesy of Caspio

 

Ransomware cybercriminals are increasingly well-organized. A recent expository study from Google reports malware authors are making incredible profits, over $25 million in the last two years. With malware files infecting machines, it created virtual ransomware victims and tracked transactions to the primary source, revealing how the ransomware threat is an evolved “ecosystem.”

It appears that ransomware’s complexity has risen with profits, too. With code that can figure out how to outmaneuver anti-malware programs through learning, the pressure on security officers increases exponentially. Healthcare industry leaders are feeling the strain more than nearly any other sector. Yet can they move fast enough?

The recurring message is that sensitive healthcare data needs to be handled correctly, that every organization’s daily operation needs to have cybersecurity and data protection at the top of its priority list. The Dark Reading report also says that 25% of surveyed organizations are formalizing security incident response “within the next year.” That’s hopeful.

Money is talking, too, and a hit to the bottom line for a breach vs the cost of security excellence is no contest. Data breach costs are up 29% since 4 years ago, averaging $4 million per breach (indirect costs included)*. It’s simply become too expensive not to prioritize risk mitigation and healthcare data protection.

Do you stand ready to protect the healthcare data from compromise? Talk to one of our security experts to see how MyVCM can help.

 

*Additional reference: ITRC PDF