Marilyn Wilkinson, February 2024

Ransomware in Healthcare: How and Why Do Attacks Happen?

The healthcare industry is one of the most frequently targeted sectors, with 60% of healthcare companies experiencing a ransomware attack in the last year. Cyber attacks on healthcare institutions are more than just a breach of security; they’re a matter of life and death, jeopardizing both the confidentiality of sensitive patient data and the delivery of essential services. Keep reading to find out how and why attacks happen, and what healthcare providers can do to protect themselves.

How Does Ransomware Affect Healthcare?

Ransomware is a type of malicious software designed to block access to a computer system or encrypt data until a sum of money is paid. Ransomware attacks can affect any company in any industry, but healthcare has always been a prime target, from small children’s clinics to large hospital networks.

According to the European Union Agency for Cybersecurity (ENISA), hospitals account for 42% of ransomware attacks in the healthcare industry, followed by health authorities, bodies and agencies (14%), and the pharmaceutical industry (9%).

This is worrying because patients rely on hospitals for essential and sometimes urgent treatment. Disruptions can lead to life-threatening situations. Here are a few tragic real-life examples:

  • Ardent Health Services, a healthcare chain that operates 30 hospitals in six states, had to divert patients from its emergency rooms and delay essential planned surgeries
  • In Alabama a baby born during an attack suffered severe brain injury due to compromised care, ultimately leading to her death
  • In Düsseldorf, Germany, a life was lost after a ransomware attack forced an ambulance to redirect a patient to another hospital, delaying crucial treatment for an aneurysm

How Do Ransomware Attacks Happen?

In recent years, hospitals and other healthcare organizations have made efforts to digitize their processes. Digital transformation has its advantages, but it has also opened new doors for cybercriminals.

The mechanics of how ransomware infiltrates healthcare systems are as varied as they are sophisticated. The most common method is phishing, where attackers send deceptive emails that trick recipients into clicking malicious links or opening infected attachments.

Another frequent entry point is through exploiting vulnerabilities in outdated software or unsecured networks, which are all too common in the complex IT environments of healthcare institutions.

The consequences can be severe. A study found that 47% of healthcare organizations took a week to recover from an attack, and 28% took more than a month. The long recovery time also drives up costs, with the average cost of an incident rising from $1.85M to $2.2M in 2023. But of course, it’s not just about the financial costs. People’s lives are at stake.

The healthcare sector has always been one of the most popular targets, along with government institutions, public services, education, and financial services. There are a few reasons why cybercriminals favor healthcare organizations:

  • Valuable Patient Data

Healthcare records contain comprehensive personal and medical information, making them highly valuable on the black market. This data includes everything from social security numbers to detailed medical histories, offering a treasure trove for identity theft and fraud.

  • Critical Infrastructure

Hospitals and healthcare providers rely on real-time access to patient data and systems to deliver care. Disrupting these systems can have life-or-death consequences, which puts the organization under enormous pressure to pay the ransom.

  • Inadequate Cybersecurity Measures

Outdated systems, limited cybersecurity budgets, and a shortage of trained cybersecurity personnel leave the healthcare industry vulnerable to attacks. As a result, 75% of attempted ransomware attacks on healthcare organizations in 2023 were successful. 

This might leave you wondering, what can healthcare institutions do to improve their defenses against ransomware? The good news is, by adopting proactive ransomware protection and adhering to best practices, healthcare organizations can significantly enhance their resilience against these threats.

Best Practices for Ransomware Protection in Healthcare

Enhancing healthcare cybersecurity involves a multifaceted approach. Here are some steps healthcare companies can take to bolster their cybersecurity defenses:

  • Cybersecurity Training

Healthcare organizations should educate employees on cybersecurity hygiene, such as identifying phishing emails and secure password protocols. The training program should also address healthcare-specific risks, like safeguarding electronic health records (EHR) and understanding the privacy laws surrounding patient data. Tailoring these sessions to different roles ensures that all staff, from administration to medical professionals, are equipped to protect sensitive information.

  • Regular Software Updates and Patch Management

Keeping all software, including operating systems and applications, up to date is vital for securing healthcare systems against ransomware exploits. Cybercriminals frequently target known vulnerabilities in outdated software. Establishing a routine for regular updates and patches ensures that these vulnerabilities are addressed promptly, reducing the attack surface available to potential attackers.

  • Zero Trust Security 

Zero trust security operates under the assumption that no user or device, whether inside or outside the organization’s network, is trustworthy. This model requires verification for every access attempt to the network and its resources, significantly minimizing the risk of unauthorized access. By enforcing strict access controls and always verifying user credentials, healthcare organizations can better protect sensitive data and critical systems.

  • Incident Response Preparedness

Having a solid incident response plan in place is critical for minimizing the impact of a ransomware attack. This plan should outline specific steps for identifying, containing, and eradicating the threat, as well as for recovering affected systems and data. 

  • Comprehensive System Monitoring with ProLion CryptoSpike

ProLion CryptoSpike detects and blocks ransomware attacks in real time at the storage level. This gives organizations a last line of defense: if an attacker gets past endpoint and network controls, the attack is stopped where it does its damage, so the integrity of patient data and the continuity of care are preserved.
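A worked illustration of the storage-level monitoring idea above, added here as an example and not ProLion's code or CryptoSpike's detection logic. It scans a constructed file-operation audit log per account and raises an alert on either a burst of writes and renames inside a short window or a run of renames to an extension that account has never written before, two behaviours that mass encryption on a file share produces. The event fields, thresholds and sample log are assumptions made for the example.

```python
from collections import defaultdict, deque
from pathlib import PurePosixPath

# Constructed audit log (assumed format): one dict per operation on the share.
# Normal activity: a nurse saving two records, a backup service reading one.
SAMPLE_EVENTS = [
    {"ts": 1000.0, "user": "nurse01", "op": "write", "path": "/ehr/patient_0001.pdf"},
    {"ts": 1001.0, "user": "nurse01", "op": "write", "path": "/ehr/patient_0002.pdf"},
    {"ts": 1200.0, "user": "svc_backup", "op": "read", "path": "/ehr/patient_0001.pdf"},
]
# Simulated encryption burst from one workstation account: 40 files rewritten
# within four seconds, then renamed to a never-before-seen extension.
SAMPLE_EVENTS += [
    {"ts": 1500.0 + i * 0.1, "user": "ward_pc7", "op": "write",
     "path": f"/ehr/patient_{i:04d}.pdf"} for i in range(40)
] + [
    {"ts": 1504.0 + i * 0.1, "user": "ward_pc7", "op": "rename",
     "path": f"/ehr/patient_{i:04d}.pdf",
     "new_path": f"/ehr/patient_{i:04d}.pdf.locked"} for i in range(40)
]


def detect_bursts(events, window=10.0, max_ops=25, max_new_exts=10):
    """Return one alert per account whose write/rename activity inside a sliding
    `window` (seconds) exceeds `max_ops`, or whose renames to an extension it has
    never written exceed `max_new_exts`. Read operations are ignored."""
    recent = defaultdict(deque)      # user -> deque of (ts, changed_to_new_ext)
    known_exts = defaultdict(set)    # user -> extensions that account has written
    flagged, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["op"] not in ("write", "rename"):
            continue
        user, ts = ev["user"], ev["ts"]
        new_ext = False
        if ev["op"] == "rename":
            old, new = PurePosixPath(ev["path"]).suffix, PurePosixPath(ev["new_path"]).suffix
            new_ext = new != old and new not in known_exts[user]
        else:
            known_exts[user].add(PurePosixPath(ev["path"]).suffix)
        q = recent[user]
        q.append((ts, new_ext))
        while q and ts - q[0][0] > window:   # drop operations outside the window
            q.popleft()
        ext_changes = sum(1 for _, changed in q if changed)
        if user not in flagged and (len(q) > max_ops or ext_changes > max_new_exts):
            flagged.add(user)   # one alert per account, raised at the first crossing
            alerts.append({"user": user, "ts": ts, "ops_in_window": len(q),
                           "ext_changes": ext_changes})
    return alerts
```

In a real deployment the alert would feed a block action on the offending account's share access, which is the step the storage-level products described above automate.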

ProLion: Your Ally in Ransomware Protection

As cybercriminals become increasingly sophisticated, so too must your defenses. Don’t wait for an attack to recognize the importance of cybersecurity in healthcare. Speak with one of our cybersecurity experts or grab our free whitepaper to learn more about the most effective ransomware protection strategies.