Ransomware in healthcare

Hospitals struggle under the constant onslaught of ransomware. Consider these statistics about ransomware in healthcare:

  • 66% of healthcare organizations were hit by ransomware in 2021, almost double the 34% of the year before.
  • 61% of those hit paid the ransom, the highest rate of any industry.
  • $1.85 million is the average cost of recovering from one of these attacks.

These serious figures show the need to develop a better cybersecurity defense for hospitals. In this article, we’ll show you more about ransomware in healthcare and give you some tips to prevent an attack.

Ransomware Attacks Have Nearly Doubled in a Year, Report Shows

In 2020, 34% of healthcare organizations said they had experienced a ransomware attack. In 2021 the figure was 66%, almost double. Encrypting stored data limits what an intruder can read and sell, but it does nothing to stop ransomware from encrypting those files a second time, so the rising attack rate should be a serious concern for the healthcare industry.

What Are Recent Examples of Cyber Attacks?

Universal Health Services operates computer systems that serve more than 400 hospitals. In 2020 it suffered a significant attack in which those systems were inaccessible for 48 hours, and staff had to complete by hand many patient records that would normally have been entered into the system.

The consequences were more severe for a hospital in Düsseldorf, Germany, where a patient's death was linked to a ransomware attack: with its systems down, the hospital had to divert emergency patients to other facilities.

At a hospital in Michigan, a successful attack led to a serious breach of patient data. Attacks like these erode the trust between patients and clinicians.

Healthcare Organizations and Hospitals in the Crosshairs

Such attacks are very common within the healthcare industry. In fact, many healthcare organizations are targeted every day, even multiple times a day. Why target healthcare?

There are two reasons:

  • Healthcare organizations pay ransoms more often than other industries, and in many cases it is their cyber insurance that pays.
  • Overworked staff are more likely to make the single mistake, such as entering credentials into a phishing page, that gives criminals a way into the system.

Beyond the operational disruption these attacks cause, there is also a large financial risk. Criminals know that an outage is extremely costly for a hospital, and they know that some hospitals do not have sophisticated cyber defenses. The number of affected healthcare organizations grows by the day.

Ransomware in the Healthcare Industry

Patient data is valuable to attackers because it can be exploited long after the attack. Personal information, medical conditions, and family demographics are all valuable data points. Attackers also know that paying does not make the stolen copy disappear, and that paying does not even guarantee recovery: on average only 65% of encrypted data is restored after a ransom is paid, and only 2% of those who pay get all of their data back.

Electronic Health Records and Patient Data are Valuable to Hackers

The ransom itself, the direct cost of an attack, averaged $197,000 for healthcare organizations. That is lower than in other industries, but healthcare organizations are far more likely to pay it.

Beyond the ransom, the stolen records can also be sold. There are no precise figures for what individual records fetch, but estimates exist. A complete healthcare record could sell for about $250, so even a small attack that collects 1,000 such records is worth roughly $250,000 to the criminals.

Digital Technologies Can Increase Threats to Healthcare Systems

New technology has brought many advances to healthcare, and new exposure along with them.

  • Virtual doctor appointments increase the information and interactions an attacker can intercept or impersonate.
  • Ever more patient data is stored online.
  • The growing use of smartphones and tablets expands the attack surface that attackers can target.

These technologies are useful for doctors, patients, and administrators. They are also openings attackers can use to try to sneak into systems.

Paying the High Price of Ransomware

We’ve mentioned the costs of cyber breaches to healthcare organizations. Here’s a quick recap of the main categories of costs:

  • Direct Costs – The average ransom payment is $197,000.
  • Remediation Costs – Recovering from an attack costs an average of $1.85 million.
  • Breach of Trust – Patients and people lose trust in organizations after a data breach.
  • Harm to Patients – Physical harm may be caused to patients when systems fail.

The first two items are easily quantifiable. The third and fourth may be far larger and are difficult to put a dollar figure on.

Why These Changes Matter to Health and Human Services

A key change in the past few years is the reduced availability of insurance. Only 78% of healthcare organizations have liability insurance that covers cyber attacks, five percentage points below the cross-industry average. Insurers are also less likely to cover the full amount: only 47% paid the ransom in full.

These changes matter for the same reasons they are so costly. Financial security is important. Patient trust is vital. And consistent healthcare service delivery protects the health of patients. All three are at risk due to cyber attacks.

What You Can Do to Prevent Ransomware Attacks

Preventing attacks is difficult. A single employee handing over credentials to a convincing phishing page is enough to give an attacker a foothold. Sophisticated ransomware operations typically start with exactly such a phishing lure and then use privilege escalation to gain ever wider access to the information system before encrypting anything.

Here are three ways these attacks can be prevented or minimized:

  1. Cybersecurity awareness training is a must for every organization. Regularly reminding employees of policies and procedures, and of what a phishing attempt looks like, improves compliance.
  2. Hardening the environment is also vital. Firewalls, user access levels, and file-sharing permissions should be reviewed regularly so that a compromised account can reach only the data its owner actually needs.
  3. A thorough backup and recovery system reduces the pressure to pay a ransom, because data that can be restored is no longer hostage. This only holds if the backups are kept offline or in write-once storage that the attacker cannot reach from the compromised network, and if restoring from them is actually tested.

None of these steps are foolproof. Taken together, though, they can limit the vulnerability of an organization.


Ransomware attacks can be devastating to healthcare organizations, and lost revenue is the least of the concerns when patient lives are at risk. The coming year may bring the largest increase yet in the number of attacks. Taking these steps now could be the difference between a successful attack and a successful defense.

Contact Strategic Systems, A Division of CEI To Learn More About Protecting Your Health Care Practice From Ransomware Attacks

No one is immune from ransomware attacks, which is why it’s so important for health care practices to have a plan in place to deal with them. Strategic Systems can help.

We work with our clients to create a custom plan that includes training for staff, data backups, and more. We also offer a 24/7 support line so that you can always reach someone who can help if an attack does occur. 

Contact us today by calling 919-944-7228 or fill out the form below to learn more about how we can help you protect your practice from ransomware attacks.