Ransomware and healthcare: Why hackers target the industry and how to combat attacks

In all caps, the image reads RANSOMWARE in glowing red letters against a background of blue and red binary.In February 2024, the Change Healthcare ransomware attack sent shockwaves across the nation that many are still feeling months later, according to a recent CSO article, “The cyber assault on healthcare: What the Change Healthcare breach reveals.”

With stolen credentials, bad actors remotely accessed a Change Healthcare Citrix portal that wasn’t protected by multi-factor authentication (MFA). The ripple effect was substantial, given that Change is one of the world’s biggest healthcare payment processing organizations and serves as a cleaning house for almost 40 percent of all medical claims (15 billion annually), according to the U.S. Energy and Commerce Committee.

In a press release, the American Hospital Association (AHA) described the incident as “the most significant and consequential incident of its kind against the U.S. health care system in history,” noting that the attack disrupted hospitals’ ability to submit insurance claims, receive payments, fill prescriptions, and care for patients. As of July 2024, the cost of responding to the breach is expected to total between $2.3 billion and $2.45 billion for UnitedHealth Group (UHG), which owns Change Healthcare, according to The HIPAA Journal.

The Change incident is representative of a larger trend involving rising ransomware attack rates in the healthcare industry. If you’re a leader in the healthcare space, here’s what you need to know about the rise of ransomware attacks focused on your industry, how to stop bad actors from accessing your data, and what you can do to ensure minimal damage if you experience a breach.

Why is healthcare data frequently the target of ransomware attacks?

No one is safe from ransomware attacks these days. Fifty-nine percent of organizations surveyed in early 2024 reported a ransomware hit in the past year, according to The State of Ransomware 2024 report from Sophos. A Wired headline earlier this summer declared, “Ransomware Is ‘More Brutal’ Than Ever in 2024.”

Still, while the raging ransomware epidemic affects businesses of all sizes and across all verticals, some industries attract more malicious attention than others. The healthcare sector is a magnet for bad actors.

Ransomware attacks targeting healthcare organizations specifically have escalated. The healthcare industry rose from the sixth most impacted industry in 2023 to the second most affected (after manufacturing) in the first half of 2024, according to Palo Alto Networks’ Unit 42, which monitors ransomware and extortion leak sites.

Organizations in the healthcare industry are particularly vulnerable to ransomware for various reasons, according to TechTarget. Here are some of the top factors that combine to create a high-risk atmosphere:

    • High volumes of personally identifiable information (PII) and protected health information (PHI), which appeals to criminals planning extortion and black-market sales
    • The life-and-death nature of disruptions for healthcare providers making the stakes higher and increasing pressure to pay the ransom
    • Frequent remote access by healthcare professionals
    • Broad attack surface composed of various systems and devices utilized by healthcare organizations and professionals
    • Lack of cybersecurity awareness, since security isn’t the primary focus and priority for many healthcare organizations

How healthcare organizations can combat ransomware

With ransomware on the rise, it’s imperative to proactively protect your data and systems from attacks. The U.S. Department of Health and Human Service (HHS) Office of Information Security and Health Sector Cybersecurity Coordination Center (HC3) have recommended the following ransomware mitigations:

    • MFA to create an additional barrier in the event of credential theft
    • Proper password hygiene (not relying on default login credentials, setting complex passwords, not recycling passwords, and utilizing a password manager)
    • Maintaining current data backups for ransom payment avoidance and business continuity
    • Network segmentation to prevent lateral movement in case of infection
    • Endpoint security practices such as automatic patching and updates
    • Security awareness training (e.g., teaching end users to recognize phishing emails, a common ransomware vector)

Ultimately, investing in prevention today can ensure your ability to provide lifesaving patient care tomorrow. Our technology advisors can help you explore managed security solutions such as extended detection and response (XDR), incident response services, penetration testing, in-depth defense, and more to minimize your risk level and ensure the damage is negligible if you’re hit by ransomware.

Start by calling 877-599-3999 or emailing sales@stratospherenetworks.com to connect with our advisors. You can also complete our free security assessment to jumpstart your search for the best solutions.

Contact Us

We will handle your contact details in line with our Privacy Policy. If you prefer not to receive marketing emails from Stratosphere Networks, you can optout of all marketing communications or customize your preferences here.