Healthcare ransomware facts at-a-glance

• Over 630 ransomware incidents impacted healthcare worldwide in 2023; Over 460 of these affected the U.S. Healthcare and Public Health (HPH) Sector. (U.S. Department of Health and Human Services) 

• In 2023, the scale of healthcare data breaches reached unprecedented levels. According to the latest HIPAA Journal analysis, a record 133 million individuals were compromised. This represents a 156% increase from 2022. (Forbes)
• Ransomware attacks aren’t just hampering operations and costing money. They’re affecting patient care. A Ponemon survey found 45% of health IT pros reported complications from medical procedures due to ransomware attacks, up from 36% in 2021. (Chief Healthcare Executive)

What is a ransomware attack ?

A ransomware attack is a type of cyberattack in which malicious software is used to encrypt files or lock computer systems, rendering them inaccessible to users.

Ransomware attacks can cause significant disruption to organizations and individuals, resulting in data loss, financial losses, and reputational damage. 

“Cyber criminals are remotely launching ransomware attacks against U.S. hospitals, medical research laboratories, and other critical infrastructure— creating a direct threat to public health and safety; an example of how cyber criminals have become more sophisticated that’s extremely troubling for hospitals, is that hackers now specifically target medical devices, not only networks, servers, PCs, databases, and medical records.” (U.S. Department of Health and Human Services) 

Why are criminals targeting healthcare organizations?

“Cybersecurity analysts say ransomware groups are targeting hospitals because they know that many will pay to get their systems restored. And patient records are valuable on the dark web.” (Chief Healthcare Executive).

Healthcare organizations are common targets for ransomware attacks because they hold valuable information, like patient records, and losing access to this data can seriously disrupt patient care.

When attacked, they’re under pressure to quickly restore access due to the urgent need for medical information, and failing to do so can lead to regulatory fines. Plus, many hospitals lack the resources to defend against sophisticated cyberattacks, making them vulnerable.

Some have insurance that covers ransom payments, which inadvertently encourages attackers to target them. So, it’s a combination of the valuable data, urgency, regulatory obligations, limited defenses, and insurance that makes healthcare organizations a prime target for ransomware.

How are healthcare organizations attacked by ransomware?

Ransomware typically spreads through email phishing campaigns, malicious attachments, compromised websites, or the exploitation of software vulnerabilities.  Email phishing is the most prevalent point of compromise, followed by spear-phishing (highly targeted phishing) and SMS phishing (via text message). (2023 HIMSS Healthcare Cybersecurity Survey)

It only takes one successful phishing attempt to cause a significant security incident. A successful phishing attack can lead to the leaking of sensitive, proprietary, or confidential information, a malware infection, or other types of security compromises (e.g., manipulation of data, credential theft, business email compromise, breaches, and others).

Once a system is infected, the ransomware encrypts files or locks the entire system, often displaying a ransom note informing the victim of the attack and providing instructions on how to pay the ransom.  

How can you prevent malicious code in your healthcare environment?

Mitigating the risk of malware takes a multifaceted security approach. At AS Software, we take these steps to safeguard customer data and help prevent ransomware damage: 

1. Protecting Your Perimeter 

Traffic to the environment is restricted to only known and approved ports and protocols. These ports can only be accessed from known IP addresses.  

2. Host-Based Intrusion Detection  

All access attempts are scanned with a host-based intrusion detection and prevention system, which flags and automatically bans any suspicious traffic. 

3. Antivirus Program 

All system files are scanned with an antivirus program. The program is updated frequently as new virus definitions are made available. 

4. Development Training 

Our software engineers undergo secure development training, focused around the OWASP top 10 — a standard awareness document globally representing the most critical security risks to web applications. 

5. Weekly Vulnerability Scans 

All source code is continuously scanned for vulnerabilities and insecure patterns, both externally and internally. Third-party penetration tests are also conducted. 

These strategies ensure protection against ransomware and prevent damage to customer networks that would delay care and put patient data at risk.  

Healthcare organizations must implement robust cybersecurity measures, including regular updates, employee training, network segmentation, data backup procedures, encryption, and access controls to mitigate the risks posed by malware attacks and protect sensitive patient data within all their systems.   

“The key is being proactive rather than playing catch-up after an incident. Make security the backbone of everything from software development to remote access policies. With innovative partners and a prevention-first mentality, healthcare organizations can regain control of their cybersecurity.” (Forbes)

To learn more about how AS Software offers a secure solution for your ultrasound workflows, schedule a demo.