
Code Red: The Healthcare Sector’s Cyber Battle Against Ransomware

We delve into why healthcare organizations need particularly robust ransomware resilience strategies, what steps to take and how failure to implement these processes could mean life-or-death.

For most businesses, ransomware attacks translate to financial and reputational harm – which is bad indeed – but they won’t end lives. In the healthcare sector, however, ransomware can literally be a life-or-death matter. If ransomware attackers disrupt systems that healthcare providers depend on to deliver critical services to patients, people could die.

As healthcare organizations race to the cloud, it’s clear that they need a particularly robust ransomware resilience strategy. Here’s a look at the gravity of the ransomware threat faced by the healthcare sector, along with tips on how healthcare providers can keep themselves and their patients safe from the most harmful impacts of ransomware.

Why ransomware attackers love the healthcare sector

From the perspective of threat actors, healthcare organizations are a prime target for ransomware attacks, for several reasons.

Sensitive healthcare data

For starters, healthcare providers often store highly sensitive and important data that they can’t simply abandon in the event attackers encrypt it. For instance, permanently losing patient records is simply not a conceivable option in most cases. Not only would it potentially place a healthcare company in violation of compliance laws that require proper stewardship of protected health information, but it would also seriously undercut the quality of care that the organization is able to deliver in the future.

This increases the likelihood that healthcare organizations will be willing to pay a ransom to recover their information. It also distinguishes healthcare providers from organizations in most other sectors, where data taken for ransom can sometimes be written off without catastrophic consequences. If a retailer loses a database containing historical sales records, for example, it can probably keep operating. Healthcare providers don’t typically enjoy this flexibility when it comes to data loss.

Complex healthcare IT systems

A second factor that makes healthcare organizations ripe for ransomware breaches is that many clinics and hospitals operate particularly complex IT systems.

Instead of depending on conventional desktops and servers, healthcare providers require specialized software and hardware that allows them to deliver care in a variety of settings – often with help from specialized digital devices, such as Internet-connected sensors that collect data from patients’ bodies. These complex systems are attractive targets for attackers because the more complex an IT estate is, the higher the chances that admins will make a mistake (such as forgetting to install a security patch) that threat actors can exploit.

In addition, specialized healthcare devices, which are increasingly important to modern care delivery, are often challenging to secure fully. Installing updates on Internet-of-Things (IoT) hardware can be tough because conventional software patching tools don’t typically support IoT devices, or because the devices aren’t always connected to the network (and therefore can’t be reliably patched remotely). This creates another special cybersecurity risk that most other types of organizations don’t have to contend with.

Financial challenges

On top of this, financial challenges have hampered the ability of some healthcare providers to invest adequately in IT security. As TechHQ asks, “Why is healthcare cybersecurity so underfunded?” The answer is that cash-strapped hospitals and other healthcare organizations often underinvest in cybersecurity because they feel pressured to prioritize other investments that generate a clear and immediate ROI.

In short, the healthcare sector presents something of a perfect storm for ransomware attackers: It manages highly sensitive data within IT systems that, on the whole, tend to be complex and poorly secured.

The state of ransomware in healthcare

Given the challenges described above, it’s unsurprising that the rate of ransomware attacks against healthcare organizations has soared in recent years. Ransomware has long been a threat to healthcare, but the issue has grown considerably worse, and shows no sign of improving anytime soon. According to research by the FBI, healthcare experienced a greater impact from ransomware than any other sector in 2023. The frequency of ransomware attacks that U.S. healthcare providers disclosed surged by 128 percent between 2022 and 2023. In the same period, major ransomware attacks against hospital systems nearly doubled.

For context, it’s worth noting that ransomware attacks across all sectors have also increased in frequency in recent years – but only by a rate of about 73 percent, according to the SANS Institute. Thus, the data shows that the healthcare sector is facing an especially acute increase in ransomware attacks, with incidents accelerating at a rate nearly double that of ransomware attacks in other sectors.

The impact of ransomware on healthcare organizations

It would be bad enough if ransomware attacks in the healthcare sector resulted only in financial loss and reputational harm, as they typically do in other sectors. Unfortunately, as we mentioned above, the impact of ransomware in healthcare is even more insidious because it can lead to patient deaths.

For instance, imagine that a ransomware attack disrupts the operations of an ambulance service because the systems that drivers depend on to communicate with dispatchers become inoperable and vehicles can’t reach patients quickly enough during emergencies.

Or, consider what would happen if digital health records become encrypted and doctors providing life-saving care can no longer look up information on whether a patient is allergic to a certain medication. Providers might end up prescribing drugs that are unsafe for some patients. Alternatively, patients may be unable to access critical medication at all because prescribers are unwilling to issue it without having full access to health records.

Risks like these are not just hypothetical. It’s hard to prove that ransomware caused a particular death because in most cases, ransomware plays an indirect role in causing patient harm. Nonetheless, data shows that ransomware incidents at hospitals correlate with an increase in mortality rates of approximately 28 percent – implying that at a hospital where 1000 patients die on average in a given year, 1280 will die if a ransomware attack happens.

It’s worth noting as well that even in less extreme cases – ones where lives are not on the line – ransomware can have decidedly negative consequences for health and quality of life. Patients may struggle to schedule appointments for routine care because booking systems have been disabled by attackers, for instance, and pharmacies might be unable to fill prescriptions because the medication data they depend on has been taken hostage. These may not be life-or-death matters, but they still disrupt individuals’ lives more seriously than a ransomware attack that leads only to theft of non-health related data.

Mitigating ransomware risks in healthcare: Why cybersecurity is not enough

Faced with risks like these, what can healthcare providers do to protect themselves and their patients from ransomware?

The answer starts, of course, with investing in cybersecurity, which helps prevent successful ransomware breaches from occurring. Practices like regular software patching and continuous monitoring for signs of attack can help healthcare providers get ahead of ransomware threats.

However, cybersecurity alone isn’t the solution to the ransomware threat in healthcare. The problem isn’t just that some healthcare organizations lack extensive budgets to support cybersecurity investments. It’s also that no matter how excellent cybersecurity defenses are, they can never guarantee that a ransomware attack won’t happen.

Indeed, in a 2023 survey of 650 healthcare providers in the U.S., the Ponemon Institute found that 88 percent had experienced a cyberattack that involved the theft or loss of data within the past year. This whopping figure underscores that cyberattacks are just not something that the vast majority of healthcare organizations can expect to avoid. Investing in cybersecurity may reduce the rate at which breaches occur, but you should not expect it to prevent them altogether.

The role of data backup and recovery in stopping ransomware

Fortunately, there’s a second layer of defense that healthcare providers can build to protect against ransomware: Data backup and recovery.

When successful cybersecurity breaches happen – as they inevitably will to most healthcare organizations – having data backups and recovery plans in place allows providers to restore services quickly, without paying a ransom.

And to be clear, we’re talking about more than simply performing periodic data backups. To deliver the highest level of protection, a healthcare backup and recovery strategy should include:

  • Comprehensive backup of all digital resources at a frequency aligned with Recovery Point Objective (RPO) and Recovery Time Objective (RTO) goals.
  • “Air-gapped” backups – meaning backups that are disconnected from the network – to minimize the risk that attackers can access and destroy backups. Storing backups in a different cloud account, or even on an entirely different cloud, can also help isolate them from attacks.
  • The identification of which resources to prioritize during recovery operations based on how important the resources are in enabling critical services.
  • A recovery plan that reflects these priorities and includes all of the information technicians need to restore services quickly using backups.
  • Regular execution of recovery drills, to validate that teams can actually restore services using backups and recovery plans.
  • 24/7 support services from backup and recovery platform providers in case technicians need extra help during recovery. Having access to 24/7 expert support is especially critical when lives are at stake.
  • Immutable backup storage, which prevents changes to data. In some cases it may be necessary to let certain user roles modify backups, meaning the backups are not strictly immutable (Governance Mode); in other cases a business may choose total immutability (Compliance Mode), where absolutely no one can modify backed-up data. Here’s a more in-depth look at the difference.
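
The checklist above can be turned into an automated audit. The following is an added example, not code from the original post or from any backup product: it checks a constructed inventory for RPO compliance, immutability mode, account isolation and drill recency, then lists resources in recovery-priority order. The field names, account labels and the 90-day drill threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory; names, fields and values are illustrative assumptions.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
INVENTORY = [
    {"name": "ehr-db", "priority": 1, "rpo_hours": 1,
     "last_backup": NOW - timedelta(minutes=30),
     "lock_mode": "COMPLIANCE", "prod_account": "A", "backup_account": "B",
     "last_drill": NOW - timedelta(days=20)},
    {"name": "dispatch-api", "priority": 1, "rpo_hours": 1,
     "last_backup": NOW - timedelta(hours=5),
     "lock_mode": "GOVERNANCE", "prod_account": "A", "backup_account": "A",
     "last_drill": NOW - timedelta(days=200)},
    {"name": "booking-web", "priority": 2, "rpo_hours": 24,
     "last_backup": NOW - timedelta(hours=6),
     "lock_mode": None, "prod_account": "A", "backup_account": "B",
     "last_drill": None},
]

def audit(resource, now=NOW, max_drill_age_days=90):
    """Return the list of checklist gaps for one resource."""
    gaps = []
    # Newest backup must be younger than the Recovery Point Objective.
    if now - resource["last_backup"] > timedelta(hours=resource["rpo_hours"]):
        gaps.append("rpo_exceeded")
    # Backups must be held under Governance or Compliance immutability.
    if resource["lock_mode"] not in ("GOVERNANCE", "COMPLIANCE"):
        gaps.append("not_immutable")
    # A copy in the production account is not isolated from an attacker there.
    if resource["backup_account"] == resource["prod_account"]:
        gaps.append("not_isolated")
    # A backup that has never been restored in a drill is unproven.
    drill = resource["last_drill"]
    if drill is None or now - drill > timedelta(days=max_drill_age_days):
        gaps.append("drill_overdue")
    return gaps

def recovery_plan(inventory, now=NOW):
    """Order resources by recovery priority, then name, with gaps attached."""
    rows = [(r["priority"], r["name"], audit(r, now)) for r in inventory]
    return sorted(rows, key=lambda row: (row[0], row[1]))

if __name__ == "__main__":
    for priority, name, gaps in recovery_plan(INVENTORY):
        print(priority, name, gaps or "ok")
```
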

Toward a healthier future for ransomware resilience in healthcare

The blunt fact is that ransomware remains a rampant threat in the healthcare sector. But it doesn’t have to be this way. By investing strategically in solutions that allow healthcare providers to restore service quickly without paying ransoms, even cash-strapped healthcare organizations can minimize the risk that ransomware breaches will bring their operations to a halt – and put the lives of patients at stake.

N2WS makes ransomware protection easy, regardless of the scale and complexity of the challenge. With advanced data backup and protection features – such as the ability to back up and restore data across multiple cloud accounts, immutable backup storage options and instant restore capabilities – N2WS helps healthcare organizations recover quickly when ransomware strikes.
See for yourself by signing up for a free trial of the latest version of N2WS.
