Ransomware in healthcare :
The cyberattack targeting hospitals

Ransomware in healthcare

Organizations in the healthcare industry, especially hospitals, are prone to cyberattacks because they deal with voluminous amounts of sensitive data. Among the various cyberattacks targeting hospitals, ransomware stands out as the most dangerous. Recently, there has been a surge in the number of hospitals impacted by ransomware attacks. Notable examples include the attacks on Change Healthcare in February 2024 and Ascension Healthcare in May 2024. On this page, you'll learn about the impact of ransomware on the healthcare sector and various prevention, detection, and response strategies to protect patient data.

Why ransomware targets hospitals

With the advent of digitalization, all forms of medical data were intended to be stored and maintained in digital format. This transformation turned hospitals into warehouses for medical data, encompassing personally identifiable information (PII), protected health information (PHI), medical test results, diagnosis reports, and medical prescriptions. It wasn't until the year 1989 that the healthcare sector realized its vulnerability to cyberattacks, when the World Health Organization was affected by trojanized floppy disks.

Today, hospitals remain inevitable targets of cyberattacks, especially ransomware attacks, due to the vast amount of sensitive information they hold. A recent survey indicates that an average global hospital holds approximately 42 million patient records, and around 20% of such sensitive data holdings are impacted during ransomware attacks. Another reason ransomware actors target hospitals is their relatively lower investment in cybersecurity preparedness, which often results in the payment of ransom demands.

The impact of ransomware attacks on hospitals

The aftermath of a ransomware attack causes irreversible financial, reputational, and regulatory loss. But in the case of ransomware attacks on hospitals, the stakes are even higher—they put the lives of patients at risk. Here are some of the impacts of ransomware attacks on hospitals.

Operational impact

• Healthcare portals may become unavailable due to a ransomware infestation or they may be taken offline to contain the attack. This leads to loss of access to patient medical records and, in turn, results in delayed diagnosis and treatment.
• Appointment scheduling and prescription handling may need to be done manually, straining the limited workforce.
• The unavailability of IoT devices impacts diagnostic capabilities and monitoring, forcing hospitals to delay surgeries.
• Patients requiring non-emergency procedures face extended wait times, which can be detrimental to their conditions.

Patient care impact

• The inability to access medical histories and previous diagnoses severely compromises the quality of patient care and care continuity.
• Patients are dissatisfied due to delays and a lack of communication regarding their care.
• Disruptions in virtual consultations hinder access to care for those unable to travel to the hospital.
• Delays in treatment and diagnostics increase the risk of adverse health outcomes for patients.
• Lack of access to timely care leads to complications for those with emergent conditions.

Security and compliance impact

• Attacks pose a critical threat to patient privacy, as sensitive medical records and financial transactions could be exposed.
• Compliance with regulations like HIPAA and the GDPR are a major concern, risking legal consequences and loss of patient trust.

Financial impact

• Hospitals, in fear of data exposure, pay huge ransoms to the attackers in haste, often losing money without their data being retrieved.
• Hospitals are also penalized if they are found guilty of data security violations.
• In cases where the operational inefficiency of the hospital during an attack puts patients' lives at risk, the hospital may face legal proceedings and be required to pay compensation to those affected.

Ransomware prevention strategies for hospitals

• User education: Create awareness among all healthcare personnel on the impact of ransomware and provide training to identify phishing emails, anomalous processes, and malicious executables.
• Risk assessment: IT teams in hospitals should conduct periodic risk assessments and estimate the risk scores of all users and entities to detect suspicious behavior from insiders and rogue devices.
• Vulnerability testing: Conduct vulnerability scans on all network devices, software, and applications, and update their security configurations regularly.
• Upgrade legacy equipment: Identify and replace legacy devices and equipment, as they are vulnerable to attacks due to the lack of patch updates.
• Data backup and encryption: Back up files with sensitive patient data and ensure the safety of the original files and their backups using data encryption techniques.
• Multi-factor authentication (MFA): Implement MFA for all user accounts, and enforce strong password policies.

Ransomware detection strategies for hospitals

• Network monitoring: Monitor incoming and outgoing traffic in healthcare portals and point-of-sale systems to flag suspicious data packets and block malicious connections.
• Email filtering: Detect phishing emails using email filtering and spam blocking tools.
• Security event monitoring: Track security events in the hospital network by implementing a SIEM solution with log management, threat detection, and incident response capabilities.
• File monitoring: Monitor changes to files, folders, file systems, servers, and databases to protect sensitive patient data.

Ransomware response strategies for hospitals

• Attack reporting: Report the incident and communicate the severity of the attack to regulatory authorities, stakeholders, patients, and the public.
• Attack containment: Disconnect the infected systems from all kinds of wired and wireless connections or take the network offline if infected systems cannot be isolated.
• Attack eradication: Analyze all storage drives, file systems, and folders to eliminate malicious executables.
• Data restoration: Identify and restore encrypted data and backups using relevant decryption tools.
• Network reinforcement: Issue password resets for all affected systems, and conduct vulnerability scans and apply patches to close all security gaps

Ransomware, hospitals, and compliance

Ransomware attacks on hospitals target patients' medical records, affecting the security and privacy of PHI. This makes hospitals susceptible to HIPAA violations and penalties. HIPAA mandates hospitals to protect sensitive health information from cyberattacks like ransomware by monitoring network activities, tracking file changes, notifying relevant parties about security events, and proactively responding to such incidents. Hospitals are required to record these activities and report them to HIPAA authorities to demonstrate their adherence and to mitigate the severity of punishments and penalties in the event of a data breach. For these reasons, having a compliance management solution in place is essential for hospitals to secure sensitive data and comply with HIPAA.

Related solutions

ManageEngine Log360, a comprehensive SIEM solution with advanced network monitoring, file integrity monitoring, and compliance management capabilities, helps you detect and respond to ransomware attacks targeting hospitals. With predefined correlation rules, alert profiles, and incident response workflows, Log360 not only detects ransomware but also responds to the attack and mitigates its impact in real time. It also provides out-of-the-box reports on data security compliance mandates like HIPAA, the NIST's Cybersecurity Framework, the GDPR, FISMA, and SOX. To learn more about Log360 and its unique features that can help hospitals defend against ransomware attacks, sign up for a personalized demo.