Rural US hospitals are losing the ransomware war

Hospitals in rural areas of the United States are being increasingly targeted by ransomware (opens in new tab) threat actors, experts said at a Senate hearing on Thursday this week. 

Per Cyberscoop, the most pressing sentiments shared at the March 16 Senate Homeland Security and Governmental Affairs Committee hearing were that healthcare organizations in these areas are attractive targets due to their lack of qualified cybersecurity staff and other resources, such as staff.

Witnesses did say that, however, that private industry groups and federal government agencies, such as the Cybersecurity and Infrastructure Security Agency (CISA), are supplying the industry with plenty of information on how to address the growing problem of ransomware.

Going after data

Kate Pierce, senior virtual information security officer at cybersecurity firm Fortified Health Security, asked for more funding for healthcare organizations, so as to be more capable at putting theory into practice.

“We also saw cybercriminals shift their focus to small and rural hospitals with this group lagging behind in strengthening their defenses,” Pierce said. “Our rural hospitals are facing unprecedented budget constraints with up to 30% or more in the red, with the public health emergency scheduled to end in May.”

By nature, healthcare providers generate a lot of data on their customers, many of which are extremely sensitive (information regarding a person’s health and illness history, payment details, employment status, etc.). As such, they’re an important target for ransomware operators and data thieves.

Just this week, high-profile cyberattacks against two healthcare providers were revealed, with Independent Living Systems (ILS) leaking more than 4.2 million user records, and hardware and software company Zoll Medical having records belonging to over a million customer and employees stolen.

Via: Cyberscoop (opens in new tab)

Source

Be the first to comment

Leave a Reply

Your email address will not be published.


*


twenty − three =