A majority of hospitals in the U.S. have been the target of a ransomware attack or could potentially become a victim, according to a poll by Healthcare IT News and HIMSS Analytics.
More than half of hospitals responding to the poll said they experienced a ransomware attack in the last year, and 25 percent said they were not sure if they had been attacked or did not have a way of knowing if such an attack occurred, according to an article at Healthcare IT News.
Law professor Shaun Jamison, J.D., Ph.D., recently told FierceHealthIT that the problem is hitting critical mass, and organizations must be prepared for attacks. "You have to look at what your IT folks are saying" during a ransomware event, Jamison, who teaches at Concord Law School of Kaplan University, said. "Can you overcome it without paying? What are the next steps?"
About 73 percent of the hospitals in the Healthcare IT News/HIMSS poll said they had a business plan in place to address a ransomware event, Brendan FitzGerald, HIMSS Analytics research director for advisory solutions, said in the article. Another 23 percent said they did not have such a plan in place, and 3 percent said they were unsure if they did.
"When asked if they would pay the ransom, almost half said they are unsure," FitzGerald added. "That calls into question how solid those plans really are when dealing with ransomware."
The FBI recently said it is not taking a stance on whether organizations hit by ransomware should pay. But one health system, Hollywood Presbyterian Medical Center, did pay hackers roughly $17,000 (40 bitcoins), a move CEO Allen Stefanek said was "in the best interest of restoring normal operations."
To learn more:
- here's the article