On one hand, the executives might be desperate to restore their IT systems to protect the health and safety of patients after a ransomware attack, while, on another, the hackers might not even return the data once ransom is paid or work for adversarial countries like Iran or North Korea, experts told the news outlet.
“No one wants to pay the ransom,” John Riggi, national advisor for cybersecurity and risk for the American Hospital Association, told the website. “It’s the equivalent of having a digital gun pointed at your head and at your patients. If a decision is made to pay, it is based on patient safety issues.”
If the group is tied to an adversary, he added, “you may be unintentionally funding their national strategic objectives, including for North Korea, their nuclear weapons program.”
While 61 percent of healthcare organizations say they’ve paid a ransom, according to a 2022 Sophos survey cited in the story, the White House is considering outlawing the practice.
Lee Kim, senior principal of cybersecurity and privacy at the Healthcare Information and Management Systems Society, advised against paying the ransom and recommended instead retaining cyber liability insurance, an incident response team and ransom negotiator.
“Even if you pay the ransom, it is not a guarantee that you’re going to get data back and it’s going to be successful,” cybersecurity consultant Crane Hassold told Chief Healthcare Executive. “There have been so many examples of you know, someone paying a ransom, and then not actually receiving a decryption key, or receiving a decryption key and it just not working.”
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
