Healthcare is the No. 4 industry hit by ransomware attacks, according to new desk research by NordLocker, an encrypted cloud service provider. Construction, manufacturing, and finance are the top three targeted industries. An analysis of 1,200 companies hit by cyber extortion between 2020 and 2021 revealed the parts of the market where ransomware is most widespread.
A Lucrative Target
Out of the 35 industries researched, a great number of ransomware attacks were detected in the healthcare sector. The 64 affected companies range from the French leader in outsourced sterilization of reusable medical devices to a 25-bed critical access hospital providing diagnostic, therapeutic, and preventative care.
The healthcare business could be enticing to cyber racketeers because of the overwhelming amount of sensitive data they can access. Unlike in other sectors, the information stolen in attacks against healthcare cannot be changed upon the detection of the breach.
“You can always change your leaked password or get a new credit card, but your DNA is for life,” says Oliver Noble, a cybersecurity expert at NordLocker. “Upon a successful ransomware attack against a hospital or clinic, hackers can get their hands not only on medical data but also on patients’ home addresses and Social Security numbers, which, if stolen, could end up in financial or identity theft scams.”
When ransomware immobilizes healthcare organizations and medical staff cannot access critical medical data, the situation becomes a matter of life and death. According to NordLocker, police in Germany launched an investigation last year after a woman died as a result of being transferred to another hospital following a ransomware attack.
“Even though to the private healthcare sector leaks of personal data might mean huge fines and legal repercussions for HIPAA [Health Insurance Portability and Accountability Act of 1996] violations due to negligence, many organizations within the industry tend to use outdated security software and continue to underinvest in cybersecurity,” Noble says. “This provides hackers with a good chance of having their ransom demands fulfilled.”
Although ransomware attacks are evolving, Noble provides these cybersecurity tips to serve as a defense for healthcare organizations:
- Make sure employees use strong and unique passwords to connect to your systems. Better yet, implement multi-factor authentication.
- Secure your email by training your staff to identify signs of phishing, especially when an email contains attachments and links.
- Implement and enforce periodic data backup and restoration processes. An encrypted cloud might be the most secure solution for this.
- Adopt zero-trust network access, meaning that every access request to digital resources by a staff member should be granted only after their identity has been appropriately verified.