The Uptick in Ransomware Attacks on Healthcare: Strengthening Cybersecurity for Patient Safety

by Will Hudec

In recent months, the healthcare sector has witnessed a concerning surge in cyberattacks, particularly ransomware attacks. These malicious acts pose a significant threat to patient care, data security, and the overall stability of healthcare organizations. This article explores the reasons behind the uptick in attacks on healthcare, explains how this differs from the norm of ransomware groups in the past, and outlines key steps for ensuring good cybersecurity health in the healthcare industry.

Traditionally, ransomware attacks targeted businesses with the aim of financial gain, but they would often avoid healthcare due to the impact it could have on patients. There have even been instances of ransomware groups providing a free decryptor when they realized a healthcare organization was hit.  

Late last year, LockBit, one of the most prevalent ransomware gangs in the world, hit Sick Kids Hospital in Toronto, but later formally apologized and offered a free decryptor.

However, it seems cybercriminals have shifted their focus to healthcare institutions due to the high value of healthcare data and the critical nature of their services. The healthcare sector holds vast amounts of sensitive patient information, including medical records, personal identifiers, and financial data, making it an attractive target for cybercriminals seeking to exploit vulnerabilities for financial gain. Recently Corewell and Priority Health in Michigan lost over 1 million patient records due to a breach of Welltok Inc., a system used to communicate with patients. 

Unlike other industries, the consequences of ransomware attacks on healthcare organizations extend far beyond financial losses. These attacks can disrupt hospital operations, compromise patient care, and jeopardize patient safety. For instance, when critical systems are compromised, emergency room services may be disrupted, leading to delays in patient treatment and potentially life-threatening situations. Earlier this week, Ardent Health Services, operating 30 hospitals in 6 U.S. states, had to divert emergency care patients to other hospitals in the area due to a cyberattack. As a result of the attack, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet, and clinical programs. Moreover, the loss or inaccessibility of patient records can hinder healthcare providers’ ability to deliver timely and accurate care.

The uptick in ransomware attacks on healthcare differs from the norm of ransomware groups in the past. Cybercriminals now employ sophisticated tactics, such as targeted spear-phishing campaigns and exploiting vulnerabilities in outdated software, to gain unauthorized access to healthcare networks. They often demand exorbitant ransoms, knowing that healthcare organizations are more likely to pay to restore critical systems and protect patient safety. This shift in tactics highlights the need for healthcare organizations to adapt their cybersecurity strategies to combat these evolving threats effectively. 

Key Steps for Good Cybersecurity Health in Healthcare: 

To safeguard patient data and ensure the continuity of care, healthcare organizations must prioritize cybersecurity. Here are key steps to strengthen cybersecurity posture: 

1. Implement Robust Security Measures: 

Healthcare organizations should adopt a multi-layered security approach, including firewalls, intrusion detection systems, and encryption protocols. Regular security assessments and vulnerability scans can help identify and address potential weaknesses. 

2. Employee Training and Awareness: 

Human error is a common entry point for cyberattacks. Healthcare staff should receive comprehensive training on cybersecurity best practices, including recognizing phishing emails, using strong passwords, and reporting suspicious activities. Regular awareness campaigns can reinforce good cybersecurity habits. 

3. Regular Software Updates and Patch Management: 

Keeping software and systems up to date is crucial to prevent vulnerabilities that can be exploited by cybercriminals. Regular patch management and software updates should be prioritized to address known security flaws promptly. 

4. Data Backup and Recovery: 

Regularly backing up critical data and storing it securely offline or in the cloud can help mitigate the impact of ransomware attacks. Having a robust data recovery plan in place ensures that operations can be restored quickly in the event of an attack. 

5. Incident Response Planning: 

Healthcare organizations should develop and regularly test an incident response plan to effectively respond to and recover from cyberattacks. This includes establishing communication channels, identifying key stakeholders, and outlining the steps to contain and mitigate the impact of an attack. 

The rise in ransomware attacks on the healthcare sector demands a proactive approach to cybersecurity. By implementing robust security measures, prioritizing employee training, maintaining up-to-date systems, and having a comprehensive incident response plan, healthcare organizations can enhance their cybersecurity posture and protect patient data and critical services from the growing threat of ransomware attacks. Strengthening cybersecurity in healthcare is not only crucial for protecting patient safety but also for maintaining public trust in the healthcare system’s ability to safeguard sensitive information. 

About Fortress SRM: 
Fortress Security Risk Management protects companies from the financial, operational, and emotional trauma of cybercrime by enhancing the performance of their people, processes, and technology.  

Offering a robust, co-managed solution to enhance an internal IT team’s capability and capacity, Fortress SRM features a full suite of managed security services: 24/7/365 U.S.-based monitoring, cyber hygiene (managed patching), endpoint detection and response (EDR), and air-gapped and immutable cloud backups. It also offers specialized services like Cybersecurity-as-a-Service, Incident Response including disaster recovery & remediation, M&A cyber due diligence, GRC advisory, identity & access management, threat intelligence, vulnerability assessments, and technical testing. With headquarters in Cleveland, Fortress SRM supports companies with both domestic and international operations.

In Case of Emergency: 
Cyber Attack Hotline: 888-207-0123