Despite ransomware attacks on health care organizations nearly doubling over the period from 2016 to 2021, these organizations remain ill equipped at preventing and detecting these attacks. Cybercriminals typically prioritize patient data as the primary and most profitable target, but intellectual property (IP) is just as lucrative. The consequences of this data being exfiltrated or exploited unnerve many health care executives. If IP is breached, compliance violations and expensive penalties can follow.
Hospitals, practitioners and health care organizations are the latest victims of ransomware
Extending a trend that reaches back several years, ransomware attacks in the health care sector remain dire and continue to grow in volume. For example, ransomware group BlackCat/ALPHV claimed to have targeted McLaren Health Care. The attack impacted 2.2 million of the Michigan-based company’s customers with compromised assets including billing information, social security numbers and patient information. Several of the affected individuals are seeking compensation and have commenced lawsuits against McLaren.
In another instance, Prospect Medical Holdings suffered an extensive ransomware attack in August 2023. The company operates 16 hospitals and over 165 clinics and outpatient centers. The debilitating attack forced the company to shut down clinical operations and temporarily revert to paper processes — causing unexpected downtime and major disruption to patient care.
In another attack, ransomware claimed the Texas-based hospital BSA Health Systems. The hospital’s systems succumbed to an intrusion that forced ambulances to divert patients to other facilities and caused network outages — critically interfering with emergency care. Unsurprisingly, the infection wasn’t limited to BSA Health Systems, but also impacted other hospitals owned by Ardent Health Services.
Ongoing headlines underpin the harmful repercussions of ransomware attacks on the health care industry. Whether their effects are reputational, operational or financial, ransomware data encryption and exfiltration have an irrefutable impact on the lives of patients and health care professionals.
Why intellectual property is a keystone of medical and scientific advancements
In trying to make sense of today's real-world ransomware incidents in health care, we recognize that patient data isn’t always the principal target of cyberattacks. Health care intellectual property continues to be a focus of some ransomware groups. This data includes patents, trademarks, copyrights, trade secrets, medical research, treatments and technologies. As health care becomes more personalized and connected, health care-related patents are increasingly necessary to protect proprietary innovations such as medical devices and drugs. Additionally, these patents play a role in helping incentivize medical research and development.
Many hospitals and health care facilities rely on trademarks to safeguard their name, logo and brand to ensure patients can’t confuse products or services. Health care trademarks also help visiting patients recognize facilities more easily in a physical location and across the internet. Beyond marketing purposes, trademarks serve as a source of revenue involving licensing and franchise agreements.
Health care IP that is stolen, leaked or illicitly published can have distressing consequences on physicians, patients and cross-licensing partnerships. For example, during COVID-19, hospitals faced challenges to protect systems against data IP theft and cyber espionage attacks. Protecting IP was at the forefront of every health care initiative as researchers fought to identify leading vaccine candidates. A growing concern was that malicious actors would try to influence the pharmaceutical market by exploiting the risks and side effects of the developing vaccines or manufacturing technology used to engineer vaccines.
Compromised IP greatly hinders the advancement of medicine, science and health care innovation. Hackers recognize the pressing timelines health care organizations are under and take advantage of this urgency as a bargaining chip. Ransom demands are set at a high cost because criminals know health care organizations are working on short timelines.
Facing health care data protection head on
Prevention-first approaches against cyberattacks and data IP theft are the most effective measures that the health care industry can implement. This includes using multilayer security strategies to reinforce protection measures and ensure holistic security. Adversaries struggle to outmaneuver multilayered protection that prevents them from reaching sensitive data. Firewalls, access controls, multifactor authentication, patch management and email security are examples of preventative methods used in a multilayered protection strategy.
Moreover, endpoint detection and response (EDR) helps health care organizations build an additional layer of protection against ransomware attacks. The technology is a key component in a comprehensive endpoint protection strategy that continuously monitors endpoint devices for suspicious activities, detects threats, and prevents and stops attackers before they can do harm. Once a threat is discovered, IT security teams can quickly act on identifying it and rapidly responding in an appropriate manner.
Data encryption is another integral security measure that prevents data from being usable if it falls into the wrong hands. By encrypting data, it’s much more difficult for unauthorized individuals to gain access to information.
Health care institutions can further protect sensitive IP with a robust data protection regimen that includes maintaining multiple backup copies in different locations (e.g., off-site and in the cloud), encrypting all backups, and scanning and remediating backups for malware and unpatched vulnerabilities prior to restoral operations.
How to fortify your defenses: Acronis Cyber Protect
Acronis Cyber Protect unifies data protection and cybersecurity to deliver integrated, automated cyber protection that solves the mounting digital challenges of the health care industry and more. Acronis provides superior cyber protection for data, applications and systems with innovative next-generation antivirus, backup, disaster recovery and endpoint protection management solutions powered by AI.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.