Improving Healthcare Cybersecurity Resilience with Cybersecurity and Infrastructure Security Agency (CISA) Resources
Written by: Ali Khan, Director of Cyber Defense & Risk Management, & Cheryl Reifsnyder, PhD
In the past 5 years, researchers have found that ransomware attacks against healthcare organizations more than doubled—and they suspect their numbers underestimate the true threat. Ransomware is a malicious variety of software criminals use to prevent access to a facility’s electronic systems and records, usually by encrypting their files. The criminal group perpetrating a ransomware attack will generally demand a ransom payment before allegedly restoring data access.
A common victim of ransomware attacks? Medical clinics of all specialties. During the same time period, the exposure of Protected Health Information (PHI) increased more than 11-fold, from about 1.3 million in 2016 to more than 16.5 million in 2021. In 2022, the FBI’s Internet Crime Complaint Center reported receiving more reports of ransomware targeting healthcare and public health sector facilities than any other critical infrastructure sector.
Although a 2023 survey showed a decrease in the rate of ransomware attacks, from 66% to 60%, this rate is still nearly double the 34% rate reported in 2021. The majority of targeted healthcare organizations successfully regained their encrypted data, 42% by paying the ransom, and 73% by using backups for data recovery, but the total cost of recovery increased from $1.85 million to $2.20 million.
Most significantly, research published in the Journal of the American Medical Association Health Forum revealed that even with the eventual recovery of data, over 44% of reported ransomware attacks (2016 to 2020) disrupted the organization’s ability to provide care, potentially threatening patient safety and outcomes. Common disruptions included:
- Electronic system downtime (41.7%)
- Cancellation of scheduled care (10.2%)
- Ambulance diversion (4.3%)
Comparitech reports that ransomware attacks have caused average system down times of just under 15 days in 2020 to nearly 18 days in 2023. Actual recovery times can be even longer.
Researchers are finding that ransomware attacks on healthcare organizations are increasing in sophistication as well as increasing in frequency; experts often advise healthcare systems to view the threat of cyberattacks as a scenario they will someday have to face.
At Veradigm, safeguarding the digital landscape of our healthcare partners and clients is paramount. In this article, we introduce you to a number of invaluable resources provided by the Cybersecurity and Infrastructure Security Agency (CISA), resources that can help decrease your practice’s cybersecurity risk and improve your cybersecurity resilience.
CISA’s cybersecurity alerts & advisories
CISA is the nation’s cybersecurity risk advisor, an organization that works with partners in both public and private sectors to defend against a wide range of cybersecurity threats. CISA collaborates with industry partners to create a more secure and resilient infrastructure for the future. It seeks to help organizations better manage risk and increase resilience by using all available resources—whether those resources are provided by the Federal Government, commercial vendors, or the individual organization.
One resource CISA provides is an ongoing list of Cybersecurity Alerts & Advisories. CISA strongly recommends signing up for these alerts, which are designed to provide timely information on emerging threats, vulnerabilities, and other cybersecurity-related issues. These advisories also include mitigations that industrial control systems medical vendors have published for product vulnerabilities. Subscribing to these alerts enables healthcare organizations to stay informed of the latest cybersecurity news and intelligence published by CISA, enabling a proactive cybersecurity stance.
Navigating the StopRansomware platform
The StopRansomware.gov site is another invaluable resource offered by CISA. This site provides a comprehensive suite of guidance materials and resources, including the #StopRansomware Guide, to assist organizations in mitigating the risks associated with ransomware. The platform serves as a one-stop resource, ensuring healthcare entities are well-equipped to detect, prevent, respond to, and recover from ransomware incidents. Veradigm encourages its clients to explore and utilize the resources available on StopRansomware.gov to bolster their defenses against ransomware threats.
Reporting cyber incidents to CISA
In the face of a cyber incident, timely reporting is crucial. CISA urges organizations to report cyber incidents through their dedicated incident reporting portal. This mechanism not only facilitates a coordinated response from our federal partners but also contributes to the broader understanding and mitigation of cyber threats. At Veradigm, we echo this recommendation and urge our clients to leverage CISA’s incident reporting portal when appropriate, ensuring a collaborative approach toward enhancing cybersecurity.
Engaging with local regional CISA offices
CISA emphasizes the importance of connecting with local, regional offices for tailored guidance and support. CISA’s services are performed by on-the-ground personnel in 10 regional offices. Teams in each regional office are ready to assist and connect organizations with local advisors. Veradigm encourages organizations to contact their regional CISA offices for a more personalized cybersecurity support experience.
Veradigm: Your partner in cybersecurity excellence
Veradigm is committed to safeguarding PHI through the constantly evolving landscape of cybersecurity challenges. CISA’s offerings are particularly relevant against the current backdrop of escalating and evolving cyber threats targeting the healthcare sector. Together, let’s leverage the power of CISA’s resources to construct a more secure and resilient healthcare cybersecurity landscape.
Contact us today to learn more about the security offered by Veradigm products and cloud-hosted services.