by Volodymyr Yelchev

Healthcare Security: Diagnosing Ransomware Risk


According to the 2017 Ponemon Cost of Data Breach Study, healthcare data breaches cost organizations $380 per record—more than 2.5 times the global average of $141 per record throughout other industries.

How can you be sure your systems are secure?


The Diagnostic Tools: Security Assessments and Penetration Testing

If ransomware is the illness, then a regular security assessment is a diagnostic tool. A security assessment evaluates the security posture of a particular system, identifies where and how healthcare organizations are susceptible to an attack, and provides recommendations on how to prevent such attacks.

One of the ways to assess security is through penetration testing.

Penetration testing is a simulated attack on your system, and is sometimes mandatory for compliance with health regulations, such as HIPAA. Periodic penetration testing identifies vulnerabilities in your systems—before someone else does.

There are two parts to penetration testing when it comes to ransomware: the IT element and the human element.

The first part is understanding how your network is insecure, externally or internally. A security expert studies and tests how the network's segments interact with one another. It requires the know-how of an IT expert to uncover the depth to which your system can be exploited.

The other part involves people: social engineering. Since ransomware attacks are frequently due to phishing emails and other tricks aimed at users, testing user behavior gives an idea of how attacks can occur. It assesses how different employees react to different traps, how they access the corporate network, how they use their email, and more. This testing can also be expanded into security awareness training, which makes your employees less likely to be tricked by malware.

Both the security of your network and your employees’ level of awareness require penetration testing—and both require security experts.

The Power of Expertise Against Ransomware

At SoftServe, we rely on our security experts to give our clients the best and most current defense against ransomware attacks. Our core group of security experts includes Certified Ethical Hackers and PhDs in security-related fields. We give our clients the tools to better manage their security risks through patch management, security assessments, penetration testing, security awareness training, and more. And we make it our mission to know as much or more about exploiting security vulnerabilities as criminal hackers.

Our skilled team has helped many businesses make their systems more secure.

For example, we recently performed a security assessment and penetration testing for Shell Retail Ukraine. After experiencing a security incident, Shell initiated a penetration testing audit to evaluate the current level of IT security. They partnered with SoftServe based on our security certifications and extensive security expertise.


Penetration testing and social engineering attacks were conducted by four of our Certified Ethical Hackers, and uncovered a number of critical vulnerabilities that might have compromised sensitive data. Our services helped Shell to avoid a significant financial loss.

In the healthcare industry, security measures are made compliant with the regulations that affect each individual organization. Security knowledge coupled with SoftServe’s experience in the healthcare industry makes us the perfect fit for applying security measures in compliance with regulations such as HIPAA and others.

Learn more about preventing ransomware attacks in our latest white paper, “The Cure for Ransomware Attacks on Healthcare.”
