Ransomware identity risk: are your controls keeping up?

TL;DR: Ransomware continues to drive large-scale financial, operational, and legal damage, with the article citing more than $40 billion in projected losses for US businesses in 2024, a median ransom jump from $200,000 to $1.5 million, and major incidents at Change Healthcare, British Library, and MGM Resorts. The real security issue is that one compromised identity can still create broad lateral movement and delayed recovery, making access governance a core ransomware control.

NHIMG editorial — based on content published by Imprivata: ransomware risk, business disruption, and access control

By the numbers:

• In 2024, attacks by ransomware were expected to cause more than $40 billion in losses for US businesses, including ransoms, productivity loss, and system outages.
• MGM Resorts said the cyberattack would cost the company more than $100 million.

Questions worth separating out

Q: How should security teams reduce ransomware impact through identity controls?

A: Security teams should reduce the number of identities that can reach critical systems, then separate privileged tasks from routine access.

Q: Why do privileged accounts make ransomware incidents harder to contain?

A: Privileged accounts make containment harder because they can reach many systems at once, including backups, servers, and administrative tools.

Q: What do organisations get wrong about ransomware recovery?

A: Many organisations treat recovery as a storage or backup problem and underweight identity control.

Practitioner guidance

• Tighten privileged account boundaries Reduce standing administrative access, separate high-risk functions, and ensure ransomware cannot reuse one privileged account across multiple business domains.
• Harden third-party access paths Review vendor and contractor sessions for obfuscation, MFA, and live monitoring, and remove always-on access wherever business terms allow.
• Map ransomware blast radius to identity ownership Identify which accounts can reach backups, finance systems, clinical systems, or production tools, then reduce those paths before the next incident.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

• The article’s ransomware examples with incident-level business impacts and recovery consequences.
• The vendor’s breakdown of access control measures such as MFA, least privilege, and privileged access management.
• The discussion of third-party access protections, including vendor session controls and credential obfuscation.
• The practical framing of how access management helps limit lateral movement during a ransomware event.

👉 Read Imprivata's article on ransomware risk and access control →

Ransomware identity risk: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →