Cloudpush’s Post

Research shows that healthcare is now the third-most targeted ransomware victim, and attacks against physician practices as well as hospitals are on the rise.

In 2024, healthcare providers experienced a surge in cyberattacks, with over 557 incidents reported by November. These attacks targeted both large organizations, such as Cedars-Sinai Medical Center and Ascension Health Alliance, and small providers, exposing vulnerabilities across the industry. Significant breaches included ransomware attacks on Change Healthcare and Ascension, impacting healthcare operations, patient data, and revenue streams. Amidst these incidents, U.S. regulators and lawmakers are proposing stricter cybersecurity rules for 2025. A bipartisan Senate bill seeks to enhance the Department of Health and Human Services’ (HHS) cybersecurity framework, require multifactor authentication, conduct regular audits, and provide tailored guidance and grants for rural healthcare providers. Additionally, HIPAA updates with new electronic health information protection measures are expected to be proposed by HHS in December. Smaller healthcare providers, however, face challenges complying with these stricter rules due to limited resources, lack of IT staff, and difficulties obtaining cyber insurance. Many struggle to balance basic operations while defending against increasingly sophisticated cyber threats. Incidents, such as ransomware attacks and phishing scams, have affected smaller clinics like the Hirsh Center for Arthritis, highlighting the widespread impact of cybersecurity risks. Healthcare executives stress the need for the industry to take cyber resilience more seriously, with some deploying drills and additional staff to address vulnerabilities. However, many small organizations find federal advice and tools insufficient given their lack of technical capacity. As cyber threats evolve, the industry is under pressure to enhance its defenses while addressing systemic resource gaps. #CyberSecurity #HealthcareSecurity #CyberThreats #HIPAACompliance #HealthTech #HealthcareIT #HealthcareProviders

#Ransomware is an invisible pandemic, hitting #healthcare hard and devastating patient care. Despite warnings, some healthcare organizations opt to pay, but giving in only emboldens #cybercriminals. Head to our blog to see real-world incidents and learn how a managed #EDR can help protect you and your organization.

I feel like this might surprise a lot of folks (it surprised me) but the advice I’ve heard given to organizations holding onto PHI that has become an instrument in a ransomware attack is to just pay the ransom. Most would argue that it only emboldens the criminals to do it again. And they’d be right - which is why we’re seeing so many big-fish ransomware attacks in the healthcare space all of the sudden. Criminal organizations (whether state-sponsored, or otherwise) were emboldened over the years infiltrating smaller data networks and we’re seeing these organizations reach their peaks, trying trusted ransomware methods on larger and larger fish. Why? It has a lot to do with HIPAA and breach notifications. Organizations assume that they can get all of the data back from the hackers in most situations. If hacked entities can successfully show full data retrieval, they can avoid sending out breach notifications, HIPAA penalties, and potential lawsuits. If you can imagine an organization with a legal presence in dozens of states holding onto decades of protected health data for tens of millions of patient lives, you can see why they’d want to avoid opening themselves up to that much liability, if at all possible. Ransomware amounts, from what’s publicly available, tend to be a fraction of the potential legal fees, penalties, and payouts. Hence the advise to pay the hackers and roll the dice on data retrieval. So, it’s sort of a catch-22 for health data-owning organizations. You’re damned if you pay out the ransom, you’re definitely damned if you don’t, and, as Change/UHS recently found out, you’re double-damned when you pay the ransom and the hackers turn out to be really bad guys who lied and ran off with the money so the middleman doesn’t want to return the data… So…how do we fix this? https://lnkd.in/eNbbg_ig #ascension #cyberattack #hipaa #data #healthcare #phi

Ransomware attacks on the healthcare sector are particularly concerning due to the sensitive nature of patient data and the critical services that healthcare providers offer. Collaboration with cybersecurity experts and adherence to regulatory standards can also help mitigate risks and enhance resilience against future attacks.

The disastrous ransomware attacks on Change Healthcare and Ascension this year ran up staggering costs and put a spotlight on the healthcare sector’s vulnerability. But healthcare orgs are hardly new to eye-popping bills after a major hack. Analyzing attacks on organizations in 16 countries, IBM/Ponemon Institute has shown healthcare to be the industry with the highest cost per data breach for over a decade, coming in at an average hit of $10.93 million in 2023. One way healthcare orgs can offset their losses is by purchasing cyber insurance—but underwriters are requiring them to up their cybersecurity game.

Hacking incidents like this one continue to proliferate in healthcare. Is your compliance program up to date & active? It better be. #hipaa #HealthcareCompliance 🔔 Don’t miss any of our HIPAA & Compliance posts, tips, or insights. Click the bell underneath the banner on the right-hand side to get notified as soon as we publish!

🏥💻 Why Do Hackers Target Healthcare Data? 🤔🔒 Medical records are a goldmine for hackers—packed with personal, financial, and sensitive health info. 💳🧬 This data is worth more than credit card details on the black market. 🚨 Healthcare breaches risk identity theft, disrupt lives, and erode trust. It’s time to prioritize cybersecurity in healthcare. 🛡️ #CyberSecurity #DataBreach #HealthcareSecurity #DataPrivacy #ProtectYourData #CYBRID

The U.S. Department of Health and Human Services is ramping up digital efforts to protect Americans in a year that's witnessed hackers targeting sensitive patient data and major breaches at Ascension and UnitedHealth.

The U.S. Department of Health and Human Services is ramping up digital efforts to protect Americans in a year that's witnessed hackers targeting sensitive patient data and major breaches at Ascension and UnitedHealth.