Ransomware drives healthcare provider into administration

Australian e-prescription provider MediSecure has entered voluntary administration following a cyberattack.

As we know, falling victim to a ransomware group can be very costly. Remember, it’s not just the ransom payment—the cost of getting your business back to work and then improving security to prevent a repeat of the attack often outweighs it.

According to research by Coveware, the average ransom payment amount was close to $400,000 in the first quarter of 2024. But as Fisher Phillips pointed out, beyond the payments, the average cost of each ransomware attack last year was over $5 million, which is very close to the $4.45 million that IBM quotes for the cost of a data breach.

So, even if you don’t pay the ransom, have an excellent backup strategy, and your ransomware recovery plan is optimized and readily executable, there can still be significant disruption.

It’s also no secret that healthcare organizations are usually not in the happy place I described above. They simply don’t have the money, resources, or IT teams that would be necessary to get there.

A painful example is the Australian e-prescription provider MediSecure. The company facilitates electronic prescribing and dispensing of prescriptions. Last month, it confirmed a large-scale cybersecurity incident in which personal and health-related data were stolen.

Three weeks further on and MediSecure has entered voluntary administration. Voluntary administration is an insolvency procedure where an external administrator is appointed because the company is in financial trouble.

Voluntary administration is designed to resolve a company’s future. The voluntary administrator takes full control of the company. This allows the director or a third party time to find a way, if possible, to save the company or its business.

As we have pointed out in the past, the days when ransomware groups steered clear of healthcare organizations are long gone, and some groups even appear to single out healthcare organizations for special attention.

Healthcare data is also easy to ransom because of the value patients, clinicians, lawmakers, and healthcare organizations place on keeping it private. That, combined with the historical under-investment in cybersecurity, and the ongoing digitalization of healthcare, makes it a tempting target.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly, and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.