The Ransomware attack took the world by storm last year, with sectors and industries falling by the wayside. In fact, the propensity to suffer a Ransomware attack varies greatly by industry sector. According to a report released by Sophos, healthcare stands out with 76% of respondents falling victim in the last year. At the other end of the scale, financial services are the sector least likely to have suffered a breach, though even that industry felt the pressure with 45% of respondents attacked by ransomware.
Although both healthcare and financial services hold high-value data, healthcare is often perceived as a soft target, leading to increased frequency of attack. That assumption is not without merit – healthcare tends to have an aging IT infrastructure, leaving security holes, as well as restricted resources for improving IT security. Healthcare organizations are also considered to be more likely to pay a ransom.
Interestingly, hackers are not discriminating by organization size. The likelihood to suffer an attack is about the same for both smaller and larger companies responding to the survey: 50% of the 100-1,000 user organizations had fallen victim, compared with 58% of those in the 1,001-5,000 user category. Big or small, everyone is a target.
The healthcare conundrum: Biggest victims, largest investors in prevention
Healthcare presents an interesting equation. They are the most likely to suffer an attack (76%), and yet are also the most invested in anti-ransomware protection (at 53%, alongside energy, oil/gas, and utilities). How does this dichotomy play out? In part, it’s because criminals continue to see healthcare as an easy target, so a disproportionate amount of attacks are aimed at the industry.
Also, the older technology healthcare relies on (such as the afore-mentioned MRI machines) only run on old operating systems. Healthcare also tends to fight a battle against limited or restricted resources in this area. A lack of people, hardware, and software lead to patchy security, so even when one part of the organization has the necessary anti-ransomware protection, it’s not across the board. Malware can still get in. And there’s also the issue of quality. Not all anti-ransomware protection is created equal. Some options simply aren’t as effective at stopping an attack.
Fortunately, healthcare organizations are learning from experience and have chosen to invest in anti-ransomware technology after seeing the harm caused by earlier breaches.