Data theft and ransomware attacks against health care and critical third-party providers are still happening at an alarmingly high rate in 2024, which is shaping up to be as severe as last year, the worst on record for health care breaches. 

You might remember the Ascension ransomware attack from May, one of the most devastating incidents in the health care sector, causing major issues for patients. 

A new report from Microsoft highlights that these attacks not only lead to data theft but also put patients’ physical health at risk.

I’M GIVING AWAY A $500 GIFT CARD FOR THE HOLIDAYS

Impact of ransomware on health care

Microsoft points out that beyond the financial risk to health care organizations, ransomware attacks can have life-threatening consequences. When health care providers lose access to diagnostic equipment or patient records due to ransomware, patient care is severely disrupted. For example, stroke code activations are nearly double during hospital attacks, with confirmed strokes increasing by 113.6%, and cardiac arrest cases rise by 81% and survival rates drop from 40% to just 4.5%.

Health care facilities near hospitals hit by ransomware attacks also feel the impact, facing a surge in patients needing urgent care that they may not be equipped to handle. As a result, patients often face longer wait times.

What’s more troubling is that these attacks aren’t limited to urban areas. Rural health clinics are also prime targets for cyberattacks. These facilities are particularly vulnerable to ransomware because they often lack the resources to prevent or respond to security incidents. And since these clinics are the only health care option within miles, a successful attack can be devastating for many rural communities.

Mother, daughter and doctor walking in a hospital (Kurt “CyberGuy” Knutsson)

HEALTH CARE RANSOMWARE ATTACK EXPOSES PERSONAL HEALTH INFORMATION OF OVER 100 MILLION

Why health care is the prime target?

Ransomware attacks on health care have shot up 300% since 2015, making it one of the top 10 most targeted industries in the second quarter of 2024. This rise is mostly because health care organizations store extremely sensitive data, and hackers know there’s big money to be made. With lives on the line, hospitals can’t risk poor patient outcomes if their systems go down or the exposure of patient data if they don’t pay. This reputation for paying ransoms just makes health care an even bigger target.

Some of the blame also falls on health care organizations. They tend to have lower cybersecurity budgets compared to other industries, making it harder to defend against these kinds of attacks. Many facilities don’t have staff dedicated to cybersecurity; some don’t even have a chief information security officer or a security operations center. Instead, cybersecurity often gets lumped in with regular IT duties. Plus, doctors, nurses and other health care staff might not get any cybersecurity training, so they might not even recognize a phishing email when they see one.

CLICK HERE FOR MORE US NEWS

Emergency sign at the entrance of a hospital’s emergency room (Kurt “CyberGuy” Knutsson)

NEARLY 1 MILLION MEDICARE BENEFICIARIES FACE DATA BREACH

7 proactive steps to take in the face of health care cyberattacks

With the rise in cyberattacks on health care providers, it’s wise to take proactive steps to protect your personal information and be prepared for potential disruptions in health care services:

1. Stay informed: Keep up to date with the latest news from your health care providers and reliable sources to stay aware of any disruptions or data breaches affecting systems and services.

2. Maintain personal health records: Keep copies of your health records on your own devices or printed out, including details like medications, allergies, past surgeries and other relevant health information. This can be crucial if electronic health records become temporarily unavailable.

3. Prepare for medical emergencies: Have a backup plan for emergencies, including knowing nearby alternative health care facilities. Research wait times and accessibility to help avoid delays if your primary facility is impacted.

4. Practice cybersecurity best practices: Use strong, unique passwords for online accounts and consider a password manager to help manage them. Enable two-factor authentication where available to add an extra layer of security.

5. Be vigilant against phishing: Cyberattacks often result in a spike in phishing emails and calls as attackers exploit the situation. Protect yourself by using strong antivirus software on all your devices, which can help block malicious links and detect phishing emails. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Confirm appointments: If you have upcoming appointments or procedures, contact your health care provider to confirm or reschedule if a cyberattack disrupts their normal operations.

7. Monitor patient portals: Keep an eye on patient portals like MyChart for updates on your medical records and communication with health care providers, as these can provide critical information during service disruptions.

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

Kurt’s key takeaway

The surge in ransomware attacks on the health care industry is troubling and a harsh reminder that criminals don’t care about the lives at risk. They’re just after money. Health care organizations need to take lessons from the past two years, investing heavily in cybersecurity infrastructure and hiring dedicated staff to protect patient data and systems. With stronger defenses in place, the goal is to prevent these situations from reaching the point where paying a ransom is even considered.

Have you ever experienced delays or issues with health care services due to a cyberattack or system outage? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

The Federal Trade Commission has charged Sitejabber, an online review platform, with violating its new fake reviews rules by using point-of-sale reviews to misrepresent what customers think about products. In one of its first enforcement actions under new rules banning companies from making or selling fake reviews, the FTC is ordering the company to stop.

The FTC says Sitejabber “deceptively” punched up businesses’ review counts by incorporating responses to point-of-sale questionnaires asking customers to rate and review their shopping experience, before they’d actually gotten any products or services. It also alleges that by giving its clients tools to publish that feedback on their own sites, Sitejabber enabled them to mislead people to think the ratings and reviews were based on actual experience with what the companies were selling.

The FTC now forbids Sitejabber from “misrepresenting, or assisting anyone else in misrepresenting” that such reviews are based on customer experience with a product or service. The company is also barred from helping other companies misrepresent the reviews that “it collects, moderates, or displays.”

The regulator’s new anti-fake review rules, which went into effect last month, aim to address AI-generated reviews online, including on Amazon and other e-commerce sites. The FTC prohibits a swath of deceptive practices, such as offering incentives to leave feedback or creating a fake review website that seems independent but is actually owned by the very company that makes the products being reviewed. Or at least, it will for the next couple of months, after which the next US President will be sworn in and (probably) replace its leadership — and we’ll see what happens next.

Take-Two did not disclose the buyer of Private Division or how much they paid. In an emailed statement to The Verge, Take-Two spokesperson Alan Lewis wrote:

We recently made the strategic decision to sell our Private Division label to focus our resources on growing our core and mobile businesses for the long-term. As part of this transaction, the buyer purchased our rights to substantially all of Private Division’s live and unreleased titles.

Take-Two will continue to support No Rest for the Wicked, which launched in Early Access on PC in April. We are grateful for the contributions that the Private Division team has made to our company and are confident that they will continue to achieve success in their new home.

Take-Two CEO Strauss Zelnick told GamesIndustry.biz that the buyer would be named soon and said, “The team of Private Division did a great job supporting independent developers and, almost to a one, every project they supported did well. However, the scale of those projects was, candidly, on the smaller side, and we’re in the business of making great big hits,” like the upcoming Grand Theft Auto VI.