Expect more weaponized malware as hackers focus on cashing in
Healthcare providers are overwhelmingly concerned by the potential threat of a breach caused by email and are making cyber resilience strategies to protect against ransomware and malware a top initiative over the next 12 months, according to a new report from Mimecast and HIMSS Analytics.
Overall, 83 percent of respondents said ransomware is the most concerning type of email-related threat, followed by malware, targeted attacks like spear-phishing and business email compromise. And 78 percent said their organization has already experienced a ransomware or malware attack within the last year.
The top three strategies to be focused on in 2018 are preventing attacks (94 percent), employee training (90 percent) and securing email (77 percent).
“Hackers aren’t done with the healthcare sector. WannaCry and Petya signal the incoming shift to more of these types of attacks,” said Mimecast Director of Technology Marketing David Hood. “Hackers are going to think about where they can get the best ROI for their effort.”
Eighty percent of respondents said email was far and away the biggest source of a potential breach, followed by laptops, EHRs, desktops, Hood added.
Based on these threats, 87 percent predict that email-related threats will increase or significantly increase in the future. In fact, a recent McAfee report found that ransomware and extortion attempts will proliferate in the coming year.
Why cybersecurity is top of mind for forward-looking healthcare orgs.
Healthcare organizations have already begun to prepare for the incoming attack vectors. Nearly all respondents (97 percent) have a high level of concern about cybersecurity and resilience and are building initiatives to improve their cyber resilience strategy.
Two other promising signs emerged in the research: gaining executive buy-in for cybersecurity work is less of a challenge than it was previously, and hospitals widely identified that employees are key to any security strategy.
“These kinds of ransomware attacks in an organization are effective, and hackers can monetize these attacks pretty quickly,” Hood added. “If you can disrupt patient care -- talk about an incentive for providers to stop to pay the ransomware and move on. Those attacks will keep happening.”