
    Impact of ransomware on the healthcare sector

    In the last few years, ransomware has become the greatest concern for many institutions, especially those in the healthcare industry. Cybercriminals are developing more sophisticated methods and using their new techniques to launch frequent, devastating attacks. Protecting your organization in such a perilous environment requires constant vigilance and a proactive approach.


    Ransomware is a form of malware that blocks or disables a system until the users have paid a ransom. Some attacks lock the users’ screens, while others lock the files themselves. The criminals encrypt the files and release the decryption code only once the ransom has been paid online. Whatever the exact methodology, the basic strategy remains the same. By locking users out from the data they need, the criminals gain leverage over their victims and demand monetary compensation.

    Investigating the latest trends in online criminality, SonicWall has reported a 148% increase in worldwide ransom-related incidents. 2021 was the worst year on record, marking a trend that’s been developing for years. A disproportionate number of these assaults were directed at the healthcare sector. With valuable data and limited funds, hospitals are ideal targets for greedy cybercriminals.

    According to a 2021 survey, 42% of health delivery organizations had faced multiple ransom-related attacks in the previous two years, and 36% had faced a third-party assault. These statistics demonstrate the horrific scope of the problem. Unscrupulous cybercriminals are taking advantage of weaknesses in the system to ambush some of the most important institutions in society, the institutions that promote health and wellness. For anyone in the health sector, fighting back is the only option.

    Why is Healthcare a Top Target for Ransomware?

    It’s not a coincidence that medical facilities face more threats than organizations in other fields. The value and sensitivity of patient data is a major draw for criminals, and a confluence of technological and cultural issues within the industry leaves medical institutions especially vulnerable. Together, these factors make hospitals and other medical facilities veritable sitting ducks in the eyes of tech-savvy criminals.

    Hospitals have a more intimate relationship with their patients than most businesses have with their clients. To provide adequate care, hospitals compile and store all sorts of personal data, much of which is sensitive and private. For hackers and criminals, confidential information is incredibly valuable. Not only can such sensitive data fetch a high price on the illegal market, but it also allows criminals to ask for a higher ransom. Medical centers need to realize that they’re as attractive to today’s cybercriminals as banks were to the robbers of old.

    With sprawling computer systems and workers who are more focused on other concerns, the healthcare system is particularly vulnerable. Medical equipment provides criminals with weak points to exploit, and the need for employees to access data remotely creates additional vulnerabilities. Hospital workers, fighting daily to provide for their patients, are often too busy to worry about cybersecurity. When time is of the essence and someone is calling for help in the other room, it’s harder to think twice before opening a suspicious email. Workers are also inclined to prioritize efficiency, making them less likely to accept structural changes for the sake of digital security.

    On top of these inherent risks, there are also financial concerns to consider. Funding is often tight in the medical field, and many providers are struggling to stay afloat. All the same, organizations should realize that paying for protection is better than suffering a cyber invasion. With just one phishing email, a bustling medical center can find itself paralyzed, and the ransom will cost much more than the security measures would have.

    Significant Hospital Ransomware Attacks

    Among the recent onslaught, a few major incidents stand out for their scope and severity. Examining these episodes provides valuable insights into the nature of modern cybercrime. It also shows what health-related institutions can do to protect themselves.

    While each of these incidents had its own characteristics, they shared a few themes that are common to most ransom-related schemes. In each case, malware spread through the system with alarming speed. Each incident produced considerable losses, either in money or personal data. All three cases also forced the affected institutions to redouble their cybersecurity efforts. Having learned about these events, you can revamp your own protection measures before it’s too late.

    Ryuk Ransomware Attack on Universal Health Services

    In 2020, Universal Health Services (UHS) suffered a Ryuk attack that cost the company around $67 million. With over 90,000 employees serving 3.5 million patients in the United States and the United Kingdom, UHS is a truly massive organization. Even with a considerable budget and institutional clout, the company failed to prevent the malicious incursion.

    UHS managed to resume full operations about a month after the incident began. While the company was restoring its IT capabilities, its revenues took a major hit. Health centers couldn’t keep up with a full load of patients, billing was delayed, and extra labor was needed to get computer systems back up and running. While the incident was financially devastating, UHS managed to prevent the theft or misuse of sensitive data.

    The UHS cyberattack represents part of a larger trend. Ryuk, a specific type of ransom-seeking malware, has been used frequently to infiltrate medical facilities. Many companies suffer major operating losses while restoring their technological capabilities.

    Sophisticated Spear Phishing Campaign on Magellan Health

    Like UHS, Magellan Health is a Fortune 500 company with a massive list of clients. Also like UHS, Magellan has been the victim of a devastating cyber assault. In 2020, a devious, sophisticated spear phishing campaign fooled an employee and inserted malware into the organization's technological infrastructure. When all was said and done, 1.7 million individuals had their personal data compromised.

    Spear phishing refers to the process by which cybercriminals send a specific, personalized email to trick someone into granting them access to a system. In this case, the email purported to be from a Magellan Health client. Once the malware had entered the system, it extracted sensitive data about patients and employees. By the time the company realized its systems had been compromised, it was already far too late.

    Conti Ransomware Attack via Phishing Email on Ireland's HSE

    Private companies are not the only institutions vulnerable to nefarious activity. In May of 2021, criminals targeted the Health Service Executive (HSE) in Ireland. Once the system had been compromised, hackers accessed high-level accounts and used them to extract vast amounts of sensitive data. With the information already in the hands of criminals, all the Irish government could do was monitor the dark web and try to prevent personal details from being published.

    As in the Magellan incident, criminals used a phishing email to launch their assault on the HSE. When an unsuspecting employee opened a Microsoft Excel file that had been attached to an email, they welcomed the malware into the organization’s digital infrastructure. From there, the malicious software spread through the system before being detonated a few weeks later.

    The HSE incident demonstrated the vulnerability of public health-related institutions. The HSE is a sprawling organization. It employs more people than any other state-run entity in Ireland, and those employees access their digital workspaces through more than 70,000 different devices. Securing such an expansive network is a major challenge, and the Irish government has admitted that various shortcomings left the system overly exposed. By doubling down on improved security measures, the HSE hopes to prevent future malware assaults.

    How Healthcare Organizations Can Defend Themselves

    Defending against cyber threats requires a proactive approach that focuses on prevention. Malware is extremely hard to neutralize once it has made its way into a computer system. Keeping the malicious software out in the first place is always the best option. When circling the wagons to protect against malware, you should prioritize:

    • Company culture
    • Data backups
    • Machine-intelligence

    First and foremost, you should do whatever it takes to raise awareness about cyber threat protection within your company’s workforce. As the Magellan and HSE cases demonstrate, massive assaults can originate with a single employee error. Training people to identify potential phishing attempts is one of the easiest ways to enhance company-wide protection.

    Backing up essential data can also help you minimize the damage in the case of a sudden infiltration. What makes malware so devastating is often the paralyzing effect on an organization. If you keep data stored in multiple places, it'll be easier to maintain normal operations even when attackers have disabled parts of your digital infrastructure.

    Advances in machine learning provide additional ammunition in the fight against cybercrime. AI-enabled, machine learning email security solutions can identify suspicious activity and flag potential phishing campaigns. They learn from and understand human communication behavior and relationships to protect against advanced threats, including malware. In the fight against an enemy as pernicious as cybercrime, this line of defense can prove vital.


    Ransom-related incidents are on the rise, and medical organizations are especially likely to find themselves in the crosshairs. The combination of valuable patient data and inherent vulnerability makes hospitals and similar institutions prime targets for criminal organizations. Recent assaults against UHS, Magellan Health, and the Irish HSE show just how destructive these incidents can be.

    To protect your organization from this ongoing threat, you need to adopt a vigilant, proactive approach. Developing a culture of precaution, backing up your data, and using the latest machine-intelligence email security can help you keep the attackers at bay.
