Half of US Hospitals Shut Down Networks Due to Ransomware

hospital ransware

Nearly half (48%) of US hospitals have disconnected their networks in the past six months due to ransomware, according to a new study from Philips and CyberMDX.

The Perspectives in Healthcare Security Report is based on interviews with 130 IT and cybersecurity hospital executives and biomedical engineers and technicians.

The findings revealed the outsized impact ransomware continues to have on healthcare organizations (HCOs) after they battled a surge in attacks during the early months of the pandemic.

Respondents who admitted to shutting down networks due to ransomware were a mix of those who did so proactively to avoid a damaging breach and those forced to do so because of severe malware infection.

Medium-sized hospitals appear to have suffered most from the impact of such attacks. Of respondents that experienced a shutdown due to external factors, large facilities suffered an average of 6.2 hours downtime at the cost of $21,500 per hour. In comparison, mid-size hospitals averaged nearly 10 hours at $45,700 per hour.

Skills gaps and low levels of investment in cybersecurity were highlighted as possible contributing factors. Just 11% of respondents said cybersecurity is a “high priority” for spending, while nearly half of all respondent types claimed their medical device and IoT security staffing levels are inadequate.

More concerning still is that many hospitals still appear to be exposed to severe legacy vulnerabilities: 52% of respondents admitted they’re not protected against the BlueKeep bug, rising to 64% for WannaCry and 75% for NotPetya.

CyberMDX CEO, Azi Cohen, claimed the report would help to raise awareness of critical cybersecurity deficiencies among many HCOs.

“With new threat vectors emerging every day, healthcare organizations are facing an unprecedented level of challenges to their security,” he added. “Hospitals have a lot at stake — from revenue loss to reputational damage, and most importantly patient safety.”

One of the first steps towards improving security posture is comprehensive asset discovery and inventory. However, here too many HCOs are currently failing.

Nearly two-thirds (65%) of respondents claimed they rely on manual methods to calculate inventory, with many of those from mid-size hospitals (15%) and large hospitals (13%) admitting they have no way to determine the number of active or inactive devices on their networks.