Healthcare Security: Ransomware Attacks on the Rise

By Elesa Swirgsdin
Monday, July 25, 2022

Ransomware attacks can be devastating to the healthcare industry and put patients at risk. By being proactive, organizations can help protect themselves — and their patients.

During the first half of 2022, electronic data breaches at healthcare organizations increased significantly. The U.S. Department of Health and Human Services (HHS) reports that between Jan. 1 and May 31, 244 breaches were recorded, compared with 137 during the same period last year. A large fraction of these breaches has been ransomware attacks. While it may not always be possible to prevent these attacks, strengthening cybersecurity measures and creating comprehensive response plans can help organizations protect patients' safety and privacy.

The Dangers of Ransomware

While all electronic data breaches cause harm by exposing sensitive information, ransomware is particularly dangerous. In a typical attack the intruder first gains access to the victim's systems and copies private data, then encrypts files and servers so that staff lose access until a ransom is paid. If the ransom is not paid, the attacker often sells or publishes the stolen data (so-called double extortion), so even an organization that can restore from backups still faces a disclosure risk.

In a healthcare setting, a ransomware attack puts not only information but also patients' lives at risk. Recent hospital attacks have left patient records and clinical systems inaccessible, disrupting patient care; in some cases, patients have had to be diverted to other facilities. The financial consequences of cyberattacks can also be devastating, especially for small organizations.

Being Prepared

The healthcare sector is particularly vulnerable to ransomware because of its large attack surface (many networked clinical systems, medical devices and wireless networks) and because of the sensitive nature of the data those systems hold. As attacks become more sophisticated, all stakeholders, including hospitals and clinics, medical device manufacturers, and IT vendors, must coordinate their efforts to mitigate them.

The Cybersecurity & Infrastructure Security Agency (CISA) advises that organizations that are targeted not pay the ransom. Payment does not guarantee that access to data will be restored, and it funds the attackers and encourages them to expand their operations. CISA recommends that all healthcare organizations take the following measures, in addition to having comprehensive and robust security controls in place:

  • Maintain offline, encrypted data backups and test the backups and procedures regularly.
  • Develop a cyber incident response plan that can be implemented in the event of an attack.
  • Develop a risk management plan that maps critical health services to the information systems they depend on, so that the response plan covers how those services continue when a given system is down.
  • Prepare for the possibility of critical systems becoming inaccessible by printing hard copies of documents required for critical patient care, training staff to re-route patients and coordinating with other local healthcare facilities for support.
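The backup item in this list is the one step that can be exercised directly, and "test the backups" is the part most often skipped. The following Python script is an added example, not code from the article or from CISA: it backs up a directory to a tar archive, records a keyed manifest of file digests, restores the archive into a scratch directory, compares every file byte for byte, and rejects a damaged archive. It assumes that encryption at rest is handled by an external tool (for example age or gpg) before the copy is moved offline; the sample export directory and the HMAC key are constructed for the demonstration.

```python
"""Backup restore test for the 'maintain and test backups' step.

Added example, not code from the article or from CISA. Encrypting the archive
at rest is assumed to be done by an external tool (e.g. age or gpg) before the
copy goes offline; this script covers proving that a backup actually restores.
The sample data and the HMAC key below are constructed for the demo.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import tarfile
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def _tag(key: bytes, archive_bytes: bytes, files: dict[str, str]) -> str:
    """HMAC-SHA256 over the archive bytes plus the manifest; detects truncation or tampering."""
    payload = archive_bytes + json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def create_backup(src: Path, archive: Path, key: bytes) -> Path:
    """Write src as a tar.gz and a sidecar manifest (file digests plus keyed tag)."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    files = build_manifest(src)
    sidecar = archive.with_name(archive.name + ".manifest.json")
    sidecar.write_text(json.dumps({"files": files, "tag": _tag(key, archive.read_bytes(), files)}))
    return sidecar


def verify_restore(archive: Path, key: bytes) -> tuple[bool, list[str]]:
    """Check the tag, restore into a scratch directory and compare every file.

    Returns (ok, problems); an empty problem list means the backup is usable.
    """
    meta = json.loads(archive.with_name(archive.name + ".manifest.json").read_text())
    expected = _tag(key, archive.read_bytes(), meta["files"])
    if not hmac.compare_digest(expected, meta["tag"]):
        return False, ["tag mismatch: archive or manifest corrupted or tampered"]
    problems: list[str] = []
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            if hasattr(tarfile, "data_filter"):
                tar.extractall(scratch, filter="data")  # refuse members that escape scratch
            else:
                tar.extractall(scratch)  # older Python without extraction filters
        restored = build_manifest(Path(scratch))
    for rel, digest in meta["files"].items():
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content mismatch after restore: {rel}")
    problems += [f"unexpected file after restore: {rel}" for rel in restored if rel not in meta["files"]]
    return not problems, problems


def run_demo() -> dict:
    """Back up a constructed sample export, verify it, then verify a damaged copy."""
    key = b"constructed-demo-key-do-not-reuse"  # constructed; use a managed secret in practice
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "ehr-export"
        (src / "labs").mkdir(parents=True)
        (src / "patients.csv").write_text("id,name\n1,Sample Patient\n")  # constructed
        (src / "labs" / "results.json").write_text('{"id": 1, "hgb": 13.2}\n')  # constructed
        archive = Path(tmp) / "ehr-export.tar.gz"
        create_backup(src, archive, key)
        clean_ok, clean_problems = verify_restore(archive, key)
        # Simulate media damage or tampering: flip one byte in the middle of the archive.
        data = bytearray(archive.read_bytes())
        data[len(data) // 2] ^= 0xFF
        archive.write_bytes(bytes(data))
        damaged_ok, damaged_problems = verify_restore(archive, key)
    return {"clean_ok": clean_ok, "clean_problems": clean_problems,
            "damaged_ok": damaged_ok, "damaged_problems": damaged_problems}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Run a check like this on a schedule against a copy pulled back from the offline store rather than against the live backup target, since the point is to prove that the offline copy restores. Treat a tag mismatch as a failed backup to be investigated, not something to retry silently, and keep the HMAC key somewhere the backup host itself cannot reach, so an intruder on that host cannot re-sign a modified archive.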

By preparing and following mitigation and recovery plans, healthcare organizations can limit the fallout of a ransomware attack and keep patients safe while systems are restored.


For more information on ransomware attacks, visit cisa.gov/stopransomware/healthcare-and-public-health-sector.