The healthcare industry remains a prime target for ransomware hackers, with 20 per cent of all sensitive data compromised in each healthcare organisation ransomware attack, compared to 6 per cent for an average organisation, according to research by Rubrik Zero Labs.
“There’s a pressing need for deeper collaboration between government, industry, and other stakeholders to fortify cyber resilience in Asia, particularly in critical sectors like healthcare,” said Abhilash Purushothaman, vice president and general manager for Asia at the cybersecurity company.
He explained that the surge in digital service delivery and cloud adoption means a growing number of cyber threats in the Asia-Pacific region. This poses a significant risk to sensitive data for the healthcare industry which handles vast amounts of information.
Purushothaman added that Singapore has the unique added challenge of an ageing population, which will inevitably lead to growth in healthcare data.
“By comprehensively examining these challenges and working collectively, the nation can enhance its cyber resilience posture, enabling quicker and more predictable recovery from cyberattacks while reducing data security risks,” he said.
According to Rubrik, the healthcare industry far surpasses the global average in sensitive data—with 22 per cent more data than the global average.
A typical healthcare organisation saw their data estate grow by 27 per cent last year, and is likely to have over 42 million sensitive data records, which is 50 per cent more sensitive data than the global average of 28 million.
Rubrik found that sensitive data records in observed healthcare organisations grew by more than 63 per cent in 2023 — far surpassing any other industry and more than five times the global average (13 per cent).
According to Rubrik, virtualisation really matters for healthcare and ransomware. Some 97 per cent of all encrypted data that Rubrik observed in healthcare organisations last year occurred within virtualised architecture compared to 83 per cent across all industries.
New security blind spots
The growing cloud adoption among organisations has resulted in new security blind spots emerging. In 2023, Rubrik found that the cloud stored 13 per cent of an organisation’s data, compared to 9 per cent in 2022. In comparison, data stored on-premise declined from 77 per cent in 2022 to 70 per cent in 2023.
The cloud comes with inherent risk based on security blind spots and vulnerable sensitive data, according to Rubrik. In a typical cloud instance, 70 per cent of all data is stored as object storage, which generally has much lower security coverage compared to other storage areas.
Additionally, 88 per cent of this object storage data is neither confirmed as machine-readable nor covered by leading security technologies and services.
Furthermore, over 25 per cent of the data in object storage is subject to regulatory or legal requirements, including protected health information (PHI) and personally identifiable information (PII).
In the Asia-Pacific countries surveyed by Rubrik (Singapore, Japan, Australia, and India), cyber attacks are prevalent, and are met with an inadequate response.
Some 71 per cent of cyberattacks in the Asia-Pacific countries surveyed impacted Software as a Service (SaaS) data, more than the worldwide average of 67 per cent.
This shows the rapid adoption of SaaS solutions in the region, with SaaS adoption expected to contribute to 37.8 per cent of the entire Asia Pacific public cloud service market by 2026, according to IDC.
Another finding is that ransomware remains a key threat in the region, affecting 38 per cent of Asia-Pacific organisations—five percentage points more than the worldwide average. Singapore organisations experienced a higher rate of ransomware, affecting 41 per cent of organisations.
Furthermore, findings show that 97 per cent of Asia-Pacific victims had to pay the ransom in order to get their data back, compared to 93 percent of the global average.
“This highlights a gap in knowing the appropriate response to cyberattacks and the lack of a proactive, comprehensive data protection and recovery strategy,” said Purushothaman.
“Organisations must adopt an assumed breach mindset, developing strategies for recovery and resilience following an attack, rather than placing all their faith in perimeter defences.”
Psychological impact
The psychological toll of cyberattacks on IT and SecOps teams can be significant.
According to Rubrik’s research, 96 per cent of senior IT and security leaders in the Asia-Pacific reported changes to their emotional or psychological state following a cyberattack, with 38 per cent worrying over job security.
“This can consequently impair their decision-making and performance during critical incidents. As such, boards may opt for leadership changes to bring in fresh perspectives and renewed energy to navigate these challenges,” said Purushothaman.
