Ransomware Attacks on the Healthcare Industry Are Surging

Hackers Are Locking Hospitals Out of Their Own Computer Systems—and Holding the Data Hostage

If you work in healthcare, you’re probably used to the routine of getting Monday’s first shift going. But what if it all grinds to a screeching halt when a malicious cyberattack locks all computer systems? Prescription refills, testing, and imaging all come to a halt. The patients filling the lobby, who’ve already signed in, need to hear the disappointing news about why they won’t be able to be seen.

It’s not just one clinic, either. After 140 clinics in Kentucky and Indiana were infected, it became clear that the Royal ransomware group was capitalizing on the critical and sensitive nature of the healthcare industry.

The recently published Verizon Data Breach Incident Report (DBIR) found that attackers are aware of the back-ups, stress, and loss of trust they inflict.

Why Healthcare Organizations Are a Prime Target

“Healthcare is beset by ransomware gangs, and this led to an increase in confirmed data breaches in 2022,” said Suzanne Widup, a researcher for the Verizon DBIR. “Healthcare is seen as a soft target where there are a lot of internal errors that lead to vulnerabilities.”

The report details that, throughout 2022, there were 525 incidents reported, with 436 leading to confirmed data disclosure. Specifically, “74% of all breaches include the human element, with people being involved either via Error, Privilege Misuse, Use of stolen credentials or Social Engineering.” For example, someone inadvertently sends data or documents to unauthorized people; an admin misconfigures a system or fails to patch systems; or an employee abuses their privileges by viewing and potentially exposing personal, medical, credential, or other sensitive information.

The primary motivation, as noted by the Verizon DBIR, for attacks targeting healthcare organizations continues to be financial – the report notes that 95% of breaches in the industry are financially driven.

One Hacker’s Gain Becomes a $10 Million Loss

Ransomware gangs place a high premium on the healthcare vertical because they know that availability is a critical objective for healthcare organizations. Simply put, healthcare organizations will pay ransoms because they need their operations to stay up and running. If they don’t, malicious hackers can cause the denial of medical services to people, sometimes leading to life-threatening consequences, while releasing data exposes patient data, medical records, and personally identifiable information.

While the volume of healthcare ransomware incidents peaked in 2021, the DBIR noted a jump in confirmed data breaches due to ransomware encryption over the past three years.

These successful breaches now cost the industry an average of $10.1 million a year, making it the most expensive sector for cybersecurity breaches. This means healthcare enterprises need to find ways to prevent cyber-attacks as much as possible.

Robust Device Management for Healthcare Organizations

Healthcare providers are on a mission to heal, serve their community, and safeguard Protected Health Data. Protecting patients isn’t a single task that lives in isolation. It’s a result that comes from a symphony of continuous security.

Healthcare organizations need a way to get real-time vulnerability scanning and endpoint monitoring for every device, including mobile devices, across multiple operating systems. Prevention instills confidence in the security of your network and devices. And given today’s standards and the rise in attacks, having a firewall and antivirus installed isn’t enough.

But when you can monitor all your enterprise’s devices and their states on a single interface, easily customized but also designed to prioritize major issues, you can spot risks before they become bigger.

How can you do this? By leveraging a unified security and endpoint management (USEM) platform.

With a USEM solution, IT and security teams can scan for, identify, and address attack vectors or weaknesses and:

  • Block communication from an infected device to the internet
  • Isolate endpoints
  • Access endpoints in real-time, giving you fresh data so you truly know the status of the device
  • Prioritize and deploy OS and third-party patches to all major operating systems and Windows feature updates
  • Enable security teams to more quickly find and fix cyber risks and gaps

Remediating those issues and reducing your attack surface doesn’t have to take days of waiting for a vulnerability scan to finish — and then sending that data off to another team to identify fixes before finally applying them.

With the right IT and security partner, you can see more clearly across your environments and prevent attacks from creating a bigger headache. Find out how you can gain greater peace of mind with Syxsense.