Freely subscribe to our NEWSLETTER

The reported ransomware attack against Artivion, a medical device and implantable tissue manufacturer, isn’t surprising and at the same time it is sobering. Artivion has disclosed that they disconnected the impacted portions of its network as a precautionary measure, has engaged with security professionals to recover and doesn’t believe the attack will materially impact business.

Today, healthcare sector entities should have an assumed breach mindset because threats will occur and no system in impenetrable. Disruptions will occur and how quickly you bounce back is imperative. All organisations really need to accept the likelihood of being compromised and put at least as much emphasis on speedy recovery as they do on prevention.

My advice for healthcare organisations today is to assess what their critical systems are, including infrastructure such as Active Directory (AD), because nine out of 10 cyberattacks target it. And by operating in the assume breach mindset, if you find one compromised environment or one malicious malware, assume that there are others that you have not discovered.

Also, it doesn’t pay-to-pay ransoms. Each company needs to make decisions that are in the best interest of their business, customers and partners. But time and time again organisations pay only to find out they received corrupted decryption key or none from the threat actors.