Why is healthcare such a big target for ransomware?

by Egress
Published on 16th Aug 2021

There has been a surge of new technology and applications into the healthcare industry. More data is being generated and shared than ever, creating opportunities to advance patient care through analytics and better access to vital information. With the rise of AI, cloud computing, robotics and connected devices, this trend won’t be slowing down.

However, technology isn’t safe unless it’s secure, and IT advances come with fresh cybersecurity risks. Huge amounts of sensitive and valuable healthcare data are stored in sometimes vulnerable systems, with vital equipment increasingly linked across the same networks. This makes healthcare organizations prime targets for one of the most dangerous cyber threats: ransomware.

How does ransomware work?

In a nutshell, ransomware works by locking users out of their systems and encrypting files, making them inaccessible. IT systems can be hacked or, as in over 90% of cases, the ransomware will be delivered via email phishing and set in motion by an innocent click from an insider. The hackers will provide a decryption key once a ransom has been paid.

This leaves affected healthcare organizations with a dilemma: they can pay the ransom (with no guarantee the criminals won’t steal data to blackmail them further) or spend time and resources rebuilding their IT system from scratch. Of course, any business can be hit by ransomware, but there are circumstances unique to the healthcare industry that make it a major target.

What makes healthcare a target?

A cybercriminal’s goal is clear: they want the ransom to be paid. And the more important an organization’s data is, the more leverage a hacker has. Healthcare data is highly sensitive, with a patient’s file containing everything needed for identity theft. Health records sell for a lot on the dark web – even more than financial data.

Cybercriminals are well aware of the impact of locking down IT systems in healthcare organizations; they know that locking healthcare workers out of these vital systems can literally be a matter of life or death for patients. Public pressure is high for healthcare organizations to get sensitive records and systems safely under control. Criminal groups know there will be significant pressure on organizations to pay ransoms and get things back up and running as soon as possible.

The nature of healthcare organizations also plays into the hands of ransomware attacks. Typically, healthcare providers have older systems that are less able to deal with attacks than those in other industries. Technology and systems are more geared towards clinical safety and patient care than cybersecurity. For example, a state-of-the-art medical device may be incredibly safe and effective for use in surgery – but how secure is it from being hacked? Every pound that’s allocated to the cybersecurity budget means less money can be allocated to direct patient care.

Healthcare staff need to communicate often and quickly. Employees at all levels need to access and share sensitive data, often with temporary and contracted staff. Their first concern is always patient welfare, so cybersecurity is likely not top of mind for them. The personality type of most healthcare workers is caring and hardworking, so they can be tricked into clicking links or opening attachments that play on this psychology. All of this makes them prime targets for ransomware via email phishing.

Recent ransomware attacks

In 2017, the healthcare industry was given a stark warning about the risks of cybercrime. The NHS was hit by the WannaCry ransomware attack, compromising IT systems across the entire organization. Vital systems were blocked, data was encrypted and made inaccessible, and many appointments and surgeries had to be cancelled. The attack showcased just how vulnerable healthcare is to cybercrime.

More recently, in May 2021, the Health Service Executive (HSE) of Ireland was hit by a sophisticated ransomware attack. It was a zero-day attack, exploiting a previously unknown vulnerability and forcing HSE’s nationwide IT services to shut down. The attack had a significant impact on hospital appointments across Ireland, with many cancelled, including all outpatient and radiology services. By June 2021, one-quarter of HSE’s IT servers had still not been decrypted, and 30% of its computers remained out of use.

The complex structures of healthcare organizations can make it hard to respond quickly and efficiently in the face of an attack. Technologies and attacks used by cybercriminals are always evolving, with new threats constantly emerging. This means the most effective defence is to stop ransomware at the point of entry.

How can healthcare organizations protect themselves?

With over 90% of ransomware delivered via email phishing, this is the stage where effective defences matter most. By preventing phishing emails from getting in front of healthcare workers, we can stop that all-important instance of insider error that brings an attack to fruition. We call this ‘killing the kill chain.’

Cybercriminals send phishing emails in the hope that healthcare employees will be too tired, stressed, or rushed off their feet to closely analyze them and spot social engineering tactics. Organizations therefore need technology that protects their healthcare workers and lets them concentrate on doing what they’re best at.

Intelligent anti-phishing solutions such as Egress Defend can even up the odds against cybercriminals. Defend uses natural language processing (NLP) and machine learning technologies to detect ransomware delivery via email. It works unobtrusively in the background, detecting phishing attacks in real time and alerting users with a traffic-light-based warning system.