Why Many Healthcare Sector Entities End Up Paying Ransoms
BankInfoSecurity
Contributed by: Drex DeFord
Summary
Attorney Lynn Sessions of BakerHostetler revealed that approximately half of their healthcare sector clients end up paying ransom in ransomware attacks, despite initial reluctance. Speaking with Information Security Media Group, Sessions highlighted that the unique operational requirements of the healthcare sector, including the need to maintain patient care 24/7, make it particularly vulnerable to such attacks. The firm's 10th annual Data Security Incident Response Report, which analyzes over 1,150 security incidents across various sectors, indicates a trend of double-extortion techniques being used against healthcare organizations. Sessions advised against paying for data suppression alone, noting the complications that can arise even after paying ransoms, such as data still being leaked. She emphasized that paying a ransom does not exempt an entity from HIPAA breach reporting obligations or from potential lawsuits, underlining the complex decision-making process involved in responding to ransomware attacks and the importance of preparedness and comprehensive security measures.