According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.
For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77 million on average.
Ransomware plays a key role in creating this cost differential. As noted by data from the Office of the Director of National Intelligence, the number of ransomware attacks almost doubled between 2022 and 2023. Recent large-scale attacks such as those on Change Healthcare and Ascension, meanwhile, have demonstrated the efficacy of these attacks in getting hackers what they want.
The result? Ransomware is on the rise. Here’s what healthcare organizations need to know about why ransomware works so well, what attackers want and how past compromises drive future trends.
Why ransomware works in healthcare
Healthcare data is valuable — not just financially but physically.
Consider a ransomware attack that finds and encrypts patient data. In the best-case scenario, patient treatment plans are temporarily delayed or put on hold. In the worst case, lives are at risk because staff can’t access critical patient information.
If healthcare companies hold the line and refuse to pay, they’re not just dealing with financial and operational issues; they’re potentially putting patients at risk. This creates a double-pressure problem, with both C-suites and patient families pressuring IT teams to meet demands instead of trying to decrypt compromised data. As a result, healthcare companies are more likely than those in other industries to pay the ransom, even if there’s no guarantee data will be decrypted and attackers won’t try again.
The path to compromise
While internal issues such as human error and IT failures accounted for 26% and 22% of healthcare attacks, respectively, 52% of breaches were attributed to malicious actors.
According to a report from the Office of Information Security and the Health Sector Cybersecurity Coordination Center (HC3), the top attack paths for healthcare include social engineering, phishing attacks, business email compromise (BEC), distributed denial of service (DDoS) and botnets.
Compromise through any of these paths provides the opportunity for cyber criminals to download and install ransomware. In the case of attacks such as phishing or email compromise, it could be days, weeks or even months before organizations discover they’ve been breached.
Shortages in IT staffing also make it easier for attackers to breach healthcare networks. As noted by recent research from CDW, just 14% of healthcare organizations say their IT security teams are fully staffed. Over half say they need more help and 30% say they are understaffed or severely understaffed. This puts many companies in a state of continual cybersecurity triage, leaving them one (or more) steps behind malicious actors.
What attackers are after
Attackers look to encrypt and exfiltrate any data whose loss makes it harder for healthcare organizations to carry out key tasks or exposes them to regulatory penalties.
This includes electronic medical records (EMR) that contain patient information such as treatment plans, financial information, insurance details or Social Security numbers. Attackers may also prevent staff from accessing key solutions such as scheduling tools, or cut off connections to key cloud services.
In short, attackers want anything they can sell and anything they can use to compel immediate action. Consider a financial firm. If protected documents are breached, finance companies could suffer monetary and reputation loss. In the case of healthcare, meanwhile, a compromise could lead to serious injury or even loss of life — both significant events that make it virtually impossible for organizations to regain a solid industry reputation.
Hacker see, hacker do
Ransomware attacks are trending upward in part because hackers are seeing repeated success.
For example, in February 2024, Change Healthcare suffered a ransomware attack orchestrated by a group known as BlackCat. Rather than take the risk of losing critical data, Change paid the attackers $22 million. According to a recent NPR piece, the company’s total losses due to the incident will likely top $1.5 billion.
Three months later, a different ransomware group struck Ascension, a Catholic health system with 140 hospitals across 10 states. Providers were locked out of critical systems that helped track and coordinate patient care, which included information about medicine types, doses and potential problematic reactions. Pivoting back to paper helped Ascension manage the impact but significantly slowed down operational processes.
The ongoing success of ransomware attacks creates an opportunity for both skilled attackers and their less-clever counterparts — those with coding talent can create their own code and combine it with existing malware tools, while those lacking skills can purchase ready-to-go ransomware packages on dark web marketplaces.
How healthcare companies can reduce ransomware risks
Reducing ransomware risks requires a two-part approach that includes protection and detection.
Protection includes the use of anti-spoofing and email verification tools capable of reducing the number of potentially fraudulent messages that make it to user inboxes. For example, companies can flag certain phrases such as “urgent action” or “funds transfer” to limit the risk of phishing attacks.
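As an added illustration of the protection layer described above (not code from the article or from IBM), the following Python triage function applies both checks to an inbound message: it reads the SPF/DKIM/DMARC verdicts from the Authentication-Results header that a receiving mail server adds, treats a message claiming to come from the organization's own domain but failing DMARC as spoofed, and flags the urgency phrases the article cites. The sample message, the internal domain and the phrase list are constructed assumptions.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Phrases the article cites as phishing indicators, plus two common ones (assumption).
URGENCY_PHRASES = ("urgent action", "funds transfer", "wire transfer", "immediately")

# Constructed sample: display name mimics an executive, sender domain is internal,
# but SPF/DMARC fail and the Reply-To points at an outside domain.
SAMPLE_EMAIL = b"""From: "CFO" <cfo@example-hospital.com>
To: ap@example-hospital.com
Subject: Urgent action required - funds transfer
Authentication-Results: mx.example-hospital.com; spf=fail smtp.mailfrom=cfo@example-hospital.com; dkim=none; dmarc=fail header.from=example-hospital.com
Reply-To: cfo.finance@mail-example.net
Content-Type: text/plain

Please process a funds transfer today. Urgent action needed before 5pm.
"""

def parse_auth_results(header_value):
    """Extract the spf/dkim/dmarc verdicts from an Authentication-Results header."""
    results = {}
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", header_value or "", re.IGNORECASE)
        results[method] = m.group(1).lower() if m else "none"
    return results

def score_message(raw_bytes, internal_domain):
    """Return a score, the reasons behind it, and whether the message should be held."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    reasons = []
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    # Anti-spoofing: mail that claims our own domain must pass DMARC.
    if from_addr.endswith("@" + internal_domain) and auth["dmarc"] != "pass":
        reasons.append(f"internal sender failed DMARC (spf={auth['spf']}, dkim={auth['dkim']})")
    # A Reply-To on a different domain diverts the conversation away from the apparent sender.
    if reply_to and reply_to.split("@")[-1] != from_addr.split("@")[-1]:
        reasons.append(f"Reply-To domain differs from From: {reply_to}")
    body = msg.get_body(preferencelist=("plain",))
    text = (msg.get("Subject", "") + " " + (body.get_content() if body else "")).lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        reasons.append("urgency phrases: " + ", ".join(hits))
    # Two or more independent signals -> quarantine for review rather than deliver.
    return {"score": len(reasons), "reasons": reasons, "quarantine": len(reasons) >= 2}

if __name__ == "__main__":
    print(score_message(SAMPLE_EMAIL, "example-hospital.com"))
```

A phrase match alone only raises the score; the message is held when it also fails authentication or shows a mismatched Reply-To, which keeps routine internal mail that happens to say "urgent" from being quarantined.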
AI and automated tools, meanwhile, can help shorten the time required for organizations to detect and, therefore, mitigate attacks. According to Brendan Fowkes, Global Industry Technology Leader for Healthcare at IBM, healthcare companies that used AI and automation tools were able to detect and contain incidents 98 days faster than average. In addition, companies using these solutions saved an average of nearly $1 million.
Beware the ‘ware
Ransomware attacks on healthcare organizations continue to rise as cyber criminals recognize the value of operational and patient data in compelling action from affected companies.
While it’s impossible to fully eliminate the risk of ransomware, organizations can reduce their exposure by combining email protection tools with AI-driven detection solutions that automate key processes and pinpoint potential problems before patient data is compromised.