The Business Explainer: Encrypted Healthcare Data Diminishes Ransomware Risk

By Albert McKeon
Posted on: August 10, 2021

How Serious is Ransomware to Your Healthcare Organization?

Serious enough that you should consider immediately protecting PHI and other sensitive data through encryption. When data is encrypted, it’s unreadable and worthless to cybercriminals, but still accessible to authorized users. More than 90 percent of all healthcare organizations suffered at least one security breach in the past three years, according to the consultancy Frost & Sullivan, and ransomware accounted for more than half of those breaches in 2020. Ransomware is also a complicated disruption to business in the short and long term. That’s why, with sensitive data encrypted, your healthcare organization can find new cures, improve one-on-one relationships with patients, and pursue other data-driven initiatives without delay.

Ransomware Is Costly and Disruptive to Operations

The cost of a ransomware attack is exorbitant: IBM estimates it’s $4.62 million. According to Sophos, it costs $1.3 million on average for a healthcare organization to recover from ransomware, while the cost of a single data breach in healthcare is $9.23 million. To make matters worse, in 2020 a healthcare organization faced anywhere from 15 to 21 days of downtime after an attack, says the ransomware response firm Coveware.

Compliance Risks Can Hamper Business for Years

Beyond a ransomware attack’s freeze of data and systems, there are larger ramifications that can pose lasting damage to your organization’s financial stability and image. In the aftermath of an attack, most healthcare executives can’t begin to guess the costs of regulatory penalties they could face over the loss of sensitive data. It could take years to see a final bill from Health and Human Services for a HIPAA breach. Moreover, the Treasury Department recently advised that any ransomware payment to a sanctioned entity such as a global criminal enterprise could result in civil penalties. Even a well-considered decision to pay a ransom, and free your critical data and services from being frozen, could bring severe fines down the road.

But all is not lost: Tokenization conceals sensitive data by substituting data elements with a randomly generated value that can be revealed only to users with authorization. Aside from protecting data, tokenization eases the burdens of compliance. Regulators endorse pseudonymization, including through tokenization, as an effective form of data encryption. (See article 4, paragraph 5 of GDPR.)

Ransomware Poses an Existential Threat to Your Organization

Ransomware attacks on patient data and medical systems threaten more than the bottom line: They also impede patient care. Increased ransomware attacks come as healthcare organizations rely more than ever on data-driven technologies. A ransomware attack delays those efforts. Healthcare is the most trusted industry to protect data and individual privacy, according to McKinsey. Your ability to stop ransomware from interrupting healthcare services will only bolster the reputation of your organization to manage sensitive data and pursue new ways of innovating with data.

Pursue the Benefits of New Technologies with Protected Data

The Internet of Medical Things (IoMT) market could be worth $158.1 billion in 2022, Deloitte predicts. Your healthcare organization has undoubtedly started to connect the data from telemedicine, wearable devices, and medical machinery to find new insights on patient care. You’re seeing how data analytics leads to new cures for diseases. And you’ll certainly want to use data to find ways to deliver outstanding care while maintaining expenses in the face of Deloitte’s expectation that global healthcare spending will increase to $10 trillion by 2022.

Protect Data and Keep it Out of the Wrong Hands

Your organization should tokenize PHI and all sensitive data, no matter where it travels in on-premises and cloud-based applications and databases. For one, tokenization is a bold compliance checkmark: GDPR eliminates the need to notify data subjects if breached personal data is rendered unintelligible to any unauthorized people. Also, if you’re victimized by ransomware, you can focus on restoring operations while your tokenized sensitive information continues to inform patient care and business. When authorized employees freely access and share data because its sensitive elements are protected, your organization can continue stepping forward with digital efforts to improve healthcare and manage costs. 

Protegrity Protects Data While You Focus on Healthcare 

Protegrity safeguards sensitive data from ransomware attacks and other cyber-breaches so your healthcare organization can focus on saving lives. But don’t take just our word for it. We protect the data of four of the top health insurers in the U.S. and several major regional insurers. That’s right: Protegrity safeguards the data of about 77 million individuals who have health insurance through private insurers, roughly 43 percent of all privately insured people in the U.S.

See How It All Works; Protect Your Data Now

Learn more about how you can protect your healthcare data from ransomware with this Technical Explainer. You can also schedule, today, a demonstration of the Protegrity Data Protection Platform and see firsthand how you can propel your healthcare initiatives with encrypted data. Please visit our website to get a demonstration of the platform.

Data made worthless in the wrong hands and brought to life in yours.









