The Impact of Ransomware in the Healthcare Sector

How many ransomware attacks did the healthcare sector suffer in 2021? In a recent survey of healthcare organizations, 34% of respondents indicated they had suffered a ransomware attack in 2021. The healthcare sector thereby fared better than the global average of 37% for all industries combined. It also came in under retail and education, sectors where 44% of respondents revealed that they had weathered an infection.

That’s not to say that healthcare organizations are optimistic about the future, however. Nearly half (41%) of those spared from ransomware in 2021 said that they fully expected to experience a ransomware attack of their own in the future. Only a quarter of this subset of respondents felt confident that their systems were safe against future attacks.

Why Is the Healthcare Sector Being Targeted?

The COVID-19 pandemic gave attackers an incentive to up their attacks against healthcare organizations. As noted by the Wall Street Journal (WSJ), the logic is that hospitals are too busy trying to deliver care to their patients to negotiate down the ransom amount. 

Malicious actors understand this. That explains why some ransomware gangs have been deploying their payloads more quickly on healthcare victims’ networks since the beginning of the pandemic. They want a bigger payday, and they want it with the least amount of effort on their part.

Simultaneously, digital attackers understand that security hygiene and protection are not always priorities for healthcare organizations. Enterprise.nxt wrote that many of these entities have not implemented security controls like two-factor authentication, malware protection, and network scanning. Many of those organizations also haven’t used security awareness training to cultivate their employees’ familiarity with phishing attacks and other digital threats confronting them.

What Is the Impact of Ransomware on Healthcare Organizations?

In a 2021 survey, the Ponemon Institute learned that ransomware attacks limit the ability of health delivery organizations (HDOs) to provide patients with care on a timely basis. Seven in 10 participants in the study noted that a successful ransomware infection had resulted in longer stay lengths for their patients.

Slightly fewer (65%) explained that ransomware attacks had put organizations into a position where they needed to divert or transfer a higher number of patients to other healthcare facilities.

The outcomes were even more serious for some. For instance, 71% of respondents wrote that ransomware infections had resulted in delays for medical procedures and tests. Meanwhile, 36% of respondents said that they had seen an increase in complications from medical procedures. One in five revealed that they had even seen a rise in patients’ mortality rate.

What Are Some Key Challenges Confronting the Healthcare Industry?

First, healthcare organizations aren’t confronting traditional ransomware infections anymore. Few organizations are. Indeed, gone are the days of commodity ransomware infections where attackers use spray-and-pray techniques or phishing expeditions to trick victims into clicking on a malicious link or opening a tainted document, all for the purpose of obtaining a small ransom.

Organizations are now facing what’s known as RansomOps. These are highly targeted, complex attacks that are more akin to APT operations. In these campaigns, attackers want to get access to as much of the network as possible before detonating the ransomware payload for maximum effect and for making multi-million-dollar ransom demands.

Second, healthcare entities struggle with data breaches. Organizations in this sector suffer more data breaches than any other sector, noted SecurityScorecard, with entities in this industry having weathered 2.8 million breaches each month over the course of 2020. 

Healthcare organizations just don’t have the resources to stay up to date with the new security control measures necessary for protecting patients’ Social Security numbers and other personally identifiable information (PII).

Finally, there’s the issue of cloud threats. SecurityScorecard also pointed out that many healthcare providers are turning to cloud-based data storage to drive their data retrieval needs. The issue is that many of those cloud-based solutions aren’t HIPAA compliant, making organizations’ health care systems an easy target for attackers.

How Can Healthcare Organizations Better Prepare for Ransomware?

First, healthcare organizations need to assume that they’ll be hit. Ransomware remains highly prevalent. No sector, country, or organization size is immune from the risk. It’s better to be prepared and never be the victim of a ransomware attack than to start the process of bolstering defenses after an attack has been successful.

Once a ransomware attack has been detected and an initial response determined, Defenders need to understand if they are disrupting the larger RansomOp or just one aspect of the attack. Blocking ransomware on an endpoint is one thing, but it does not prevent the malicious actors from maintaining network access for the purpose of conducting a follow-up attack.

That’s where Extended Detection and Response (XDR) solutions can be a game changer for Defenders. An AI-driven XDR solution can quickly assimilate and correlate telemetry from across multiple network assets to reveal the entire attack sequence from root cause across every affected device, system, application and user. 

XDR allows Defenders to move response efforts further to the left on the attack timeline and gives them the opportunity to intercept a malicious operation proactively by leveraging Indicators of Behavior (IOBs), the chains of behavior that surface attacks earlier and enable faster remediation, a key advantage of an AI-driven XDR solution.

While the ransomware payload is the end of an attack, RansomOps involve weeks or months of detectable activity, from initial ingress and lateral movement to establishing command and control and more. Cybereason is the only security provider that remains undefeated in the fight against ransomware, protecting organizations from threats like DarkSide Ransomware, REvil Ransomware and LockBit Ransomware.

Cybereason is dedicated to teaming with Defenders to end ransomware attacks on the endpoint, across the enterprise, to everywhere the battle is taking place. Learn more about the Cybereason Predictive Ransomware Protection solution, browse our ransomware defense resources, or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

Anthony M. Freed
About the Author

Anthony M. Freed is the Senior Director of Corporate Communications for Cybereason and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.
