Healthcare providers are opting to pay a ransom in the event of ransomware attacks, instead of recovering it from data backups. The reason is as it is easy and guarantees 100% encrypted data return- Of course, as per their perspective!
According to the data released by Sophos that was also commissioned by global market research company Vanson Bourne, up to two third’s of ransomware victims from Global Healthcare Organizations (HCOs) were bent to pay their attackers as the cost of remediation and losses incurred from operational disruption was double than paying a ransom straightaway.
The State of Ransomware in Healthcare 2022 report is against what is being urged by the law enforcement agencies such as CISA and the FBI. In November 2019, the Federal Bureau of Investigation discouraged victims from paying a ransom, as it not only encourages crime but also doesn’t guarantee a decryption key for sure in return.
An increase in cyber attacks in volume on businesses operating in the healthcare sector was also observed between 2020-2021.
What’s problematic in this whole scenario is that insurance companies hesitate to take such companies’ undercover lack of history on attacks and uncertainty of attacks in this sector to quantify risks are creating difficulties for companies to take a step ahead.
And even if they take such companies undercover, they exclude data breaches from their insurance backup as it involves a lot of risks that do not qualify in equilibrium with the payment made to the policy.
So, after gauging all the pros and cons, those involved in healthcare are happy paying a ransom, instead of recovering the locked-up data from an efficient disaster recovery plan.
Â
