Ransomware Epidemic: Why Hospitals Have Become Prime Targets for Cyber Criminals

Author: Cloudticity, L.L.C. | Tagged in Security

Ransomware attacks on hospitals are increasing in frequency and severity. These attacks—in which cybercriminals hold patient data and IT systems hostage, demanding ransom to restore access—can severely disrupt hospital operations and endanger patient health. Hospitals need to step up their internal cybersecurity efforts and collaborate with others within and beyond healthcare to protect their organizations and their patients.

Ransomware on the Rise

At the end of January 2024, staff at Lurie Children’s Hospital in Chicago became aware that cyber attackers had gained access to the organization’s IT systems. The hospital, which serves more than 220,000 patients a year, quickly took internet-connected systems offline, including phones, email, and the electronic health record (EHR) system. Though administrators provided few details, a ransomware gang later took credit for the attack and apparently offered to sell stolen data from medical records for approximately $3.4 million.

This was not an isolated incident. Ransomware attacks are on the rise, and healthcare organizations are a primary target.

In its most basic form, ransomware is a type of malware that encrypts sensitive files, preventing access by authorized users. Cybercriminals might access hospital systems by stealing credentials through phishing schemes or conducting network intrusion attacks. They can then spread malware to systems that contain sensitive data—which might include EHR, billing, or other systems. They demand ransom in exchange for providing the decryption key.

Cybercriminals target hospitals and other healthcare organizations in part because these organizations have extremely valuable patient data and critical IT systems. Attackers know that hospitals need to restore access rapidly—and if necessary, these organizations will pay a high price to do so. If an organization fails to pay the ransom, attackers can also steal and sell data to other criminals. 

To thwart attacks and mitigate damage, many hospitals need to revamp their cybersecurity strategy, implementing new tools and collaborating with other organizations. Otherwise, they could face attacks that severely disrupt operations and impact patient health.

How Ransomware Attacks on Hospitals Have Changed

Early ransomware attacks were often launched by individuals or small groups of amateur hackers. Today, professional ransomware gangs—sometimes funded and supported by foreign governments—carry out well-planned, large-scale attacks. The WannaCry ransomware in 2017—which targeted Windows computers and affected hundreds of thousands of computers globally—was likely created in North Korea and supported by the North Korean government.

Criminal groups today are also improving at gaining access to systems through phishing schemes, software vulnerabilities, and human errors. And they are capitalizing on Ransomware-as-a-Service solutions that eliminate the need to develop unique malware. 

Furthermore, criminals are making multi-layered demands. Beyond simply demanding ransom in exchange for a decryption key, they are threatening to sell patient data and attack partner organizations unless their monetary demands are met. The typical ransom demanded—generally in untraceable cryptocurrency—has increased dramatically, often equaling millions of dollars. And the disruptions are more severe, rendering systems inaccessible for weeks or months.

Consequences for Hospital Operations and Patient Safety

The attack on Ardent Health Systems in late 2023 highlights the impact a ransomware event can have on multiple hospital services. The organization diverted ambulances to other hospitals, sent emergency room patients elsewhere, and rescheduled some elective patient procedures across several of its 30 locations, including Lovelace Health System hospitals.

At Lurie Children’s Hospital, the 2024 attack and subsequent shutdown of electronic systems forced administrators to resort to manual processes. Patients, meanwhile, encountered severe difficulties communicating with staff and doctors.

For patients, these ransomware incidents and other cyberattacks are more than inconvenient—they could have a real, detrimental impact on their health. If patients face delays for tests, procedures, surgeries, emergency care, or medications, their lives could be at risk. 

Inadequate Security and IT Systems

What makes hospitals particularly vulnerable to ransomware and other cyberattacks? Many hospitals continue to use legacy systems that are difficult, and expensive, to update and secure. Moreover, hospitals often use a range of medical devices and equipment that are infrequently updated and patched. These technologies are connected to core systems and could provide a vector for attacks. 

Many hospitals also have inadequate backup and business continuity strategies in place. Backing up data and implementing redundant systems could help reduce the pressure to pay ransoms. But too few hospitals are prepared for attacks that render primary data volumes and key systems inaccessible.

Some hospital IT teams also lack necessary cybersecurity expertise for protecting their organizations. In a recent survey from the Healthcare Information and Management Systems Society (HIMSS), 43% of respondents reported insufficient budget to hire qualified healthcare cybersecurity professionals. A slightly larger percentage (47%) said they had trouble finding candidates with sufficient experience.

Recommendations to Improve Hospital Security 

There is no easy path to avoiding ransomware or other cyberattacks. But following a few recommendations can help significantly reduce risks.

Prioritize Cybersecurity

Rebalancing budgets to allow greater investment in the tools and people required for defense is critical for avoiding the disruptions, financial losses, and potential patient health impact that these attacks can cause. IT teams must update systems and replace outdated solutions. 

Within the existing infrastructure, IT teams should improve access controls, reducing the attack surface by helping ensure that only authorized personnel can access sensitive data. Deploying network monitoring tools can help better identify attacks the moment they begin. And improving network segmentation can help prevent an infection in one system from spreading to others. 

Routinely backing up data and maintaining offline/air-gapped copies of data can help deprive cybercriminals of their power to demand ransom. If an organization has a complete, up-to-date, and available copy of all data, there is less of a reason to pay a ransom.

Hospitals must also ensure they have the cybersecurity expertise to develop the best strategies. In addition to training existing staff and hiring new team members, IT groups should consider working with outside experts that can protect healthcare organizations from the latest threats.

Expand Public-Private Partnerships

Hospitals can—and should—partner with public and private organizations in their work to strengthen defenses. Government agencies, for example, can help provide funding and expertise to help reinforce hospitals’ IT infrastructures. Partnerships with public health agencies and private cybersecurity firms can help hospitals develop the right strategies and select the best tools for moving forward. Meanwhile, other hospitals, government agencies, and industry organizations should all share information about emerging attacks so all entities can be prepared.

Cross-Industry Collaboration

Hospitals and other healthcare organizations can also learn security best practices from other industries. Though attackers frequently target hospitals, attack techniques are used in a range of other fields. Hospitals should also consider taking part in joint cybersecurity exercises and incident response planning. Furthermore, they should participate in coordinated vulnerability disclosure programs, which can help identify issues early and spark patching efforts that thwart attacks.

Focus on Preparedness and Prevention

Because there is little that hospitals can do to stop criminals from launching attacks, they should focus on preparing for attacks and preventing damage. Beyond implementing new security capabilities such as access control, network monitoring, and network segmentation, hospitals should develop incident response plans so they can act quickly in the event a breach occurs.

Hospitals should also consider buying cyber insurance. Insurance plans, while increasingly expensive, can cover a wide range of financial liabilities, from the costs of ransom payments to data restoration, regulatory fines, and legal settlements.

Start Revamping Your Cybersecurity Strategy

Ransomware is a serious and growing threat to hospitals and their patients. By disrupting services, these attacks can have a direct, immediate impact on patient care. To successfully defend against ransomware attacks, many hospitals need to revamp their cybersecurity strategy—not only purchasing new solutions and hiring experts but also overhauling processes. Collaborating with other hospitals as well as outside organizations can help your hospital tap into the information and best practices you need to bolster your resilience. 

Learn how Cloudticity can help your organization optimize security and defend against ransomware and other cyberattacks. Reach out for a free consultation today.  
