September 26, 2024 By Doug Bonderud 4 min read

According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.

For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77 million on average.

Ransomware plays a key role in creating this cost differential. As noted by data from the Office of the Director of National Intelligence, the number of ransomware attacks almost doubled between 2022 and 2023. Recent large-scale attacks such as those on Change Healthcare and Ascension, meanwhile, have demonstrated the efficacy of these attacks in getting hackers what they want.

The result? Ransomware is on the rise. Here’s what healthcare organizations need to know about why ransomware works so well, what attackers want and how past compromises drive future trends.

Why ransomware works in healthcare

Healthcare data is valuable — not just financially but physically.

Consider a ransomware attack that finds and encrypts patient data. In the best-case scenario, patient treatment plans are temporarily delayed or put on hold. In the worst case, lives are at risk because staff can’t access critical patient information.

If healthcare companies hold the line and refuse to pay, they’re not just dealing with financial and operational issues; they’re potentially putting patients at risk. This creates a double-pressure problem, with both C-suites and patient families pressuring IT teams to meet demands instead of trying to decrypt compromised data. As a result, healthcare companies are more likely than those in other industries to pay the ransom, even if there’s no guarantee data will be decrypted and attackers won’t try again.

The path to compromise

While internal issues such as human error and IT failures accounted for 26% and 22% of healthcare attacks, respectively, 52% of breaches were attributed to malicious actors.

According to a report from the Office of Information Security and the Health Sector Cybersecurity Coordination Center (HC3), the top attack paths for healthcare include social engineering, phishing attacks, business email compromise (BEC), distributed denial of service (DDoS) and botnets.

Compromise through any of these paths provides the opportunity for cyber criminals to download and install ransomware. In the case of attacks such as phishing or email compromise, it could be days, weeks or even months before organizations discover they’ve been breached.

Shortages in IT staffing also make it easier for attackers to breach healthcare networks. As noted by recent research from CDW, just 14% of healthcare organizations say their IT security teams are fully staffed. Over half say they need more help and 30% say they are understaffed or severely understaffed. This puts many companies in a state of continual cybersecurity triage, leaving them one (or more) steps behind malicious actors.


What attackers are after

Attackers look to encrypt and exfiltrate any data whose loss makes it harder for healthcare organizations to carry out key tasks or exposes them to regulatory penalties.

This includes electronic medical records (EMR) that contain patient information such as treatment plans, financial information, insurance details or Social Security numbers. Attackers may also prevent staff from accessing key solutions such as scheduling tools, or cut off connections with key cloud services.

In short, attackers want anything they can sell and anything they can use to compel immediate action. Consider a financial firm. If protected documents are breached, finance companies could suffer monetary and reputation loss. In the case of healthcare, meanwhile, a compromise could lead to serious injury or even loss of life — both significant events that make it virtually impossible for organizations to regain a solid industry reputation.

Hacker see, hacker do

Ransomware attacks are trending upward in part because hackers are seeing repeated success.

For example, in February 2024, Change Healthcare suffered a ransomware attack orchestrated by a group known as BlackCat. Rather than take the risk of losing critical data, Change paid the attackers $22 million. According to a recent NPR piece, the company’s total losses due to the incident will likely top $1.5 billion.

Three months later, a different ransomware group struck Ascension, a Catholic health system with 140 hospitals across 10 states. Providers were locked out of critical systems that helped track and coordinate patient care, including information about medicine types, doses and potentially problematic reactions. Pivoting back to paper helped Ascension manage the impact but significantly slowed down operational processes.

The ongoing success of ransomware attacks creates an opportunity for both skilled attackers and their less-clever counterparts — those with coding talent can create their own code and combine it with existing malware tools, while those lacking skills can purchase ready-to-go ransomware packages on dark web marketplaces.

How healthcare companies can reduce ransomware risks

Reducing ransomware risks requires a two-part approach that includes protection and detection.

Protection includes the use of anti-spoofing and email verification tools capable of reducing the number of potentially fraudulent messages that make it to user inboxes. For example, companies can flag certain phrases such as “urgent action” or “funds transfer” to limit the risk of phishing attacks.
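A defender-side sketch of that kind of inbound filtering, added here as an illustration and not code from the article or from any IBM product: it reads the message's Authentication-Results header (where an anti-spoofing gateway records its SPF, DKIM and DMARC verdicts), scans the body for the phrases the article names plus a few assumed additions, and checks for a Reply-To domain that differs from the From domain, a common business email compromise indicator added here as an assumption. The two sample messages, their domains, the point weights and the flag threshold are all constructed for the example.

```python
import re
from email import message_from_string
from email.message import Message

# Phrases the article cites ("urgent action", "funds transfer") plus a few
# assumed additions typical of payment-fraud lures.
SUSPICIOUS_PHRASES = (
    "urgent action",
    "funds transfer",
    "wire transfer",
    "immediately",
    "account suspended",
)

# Authentication methods we score; a missing method is treated as "none",
# i.e. unverified, so a message with no Authentication-Results header fails all three.
AUTH_METHODS = ("spf", "dkim", "dmarc")
FAILING_RESULTS = {"fail", "softfail", "permerror", "temperror", "none"}

# Assumed flag threshold: 2 points per failed auth method, 1 per phrase,
# 2 for a Reply-To domain mismatch.
FLAG_THRESHOLD = 3


def parse_authentication_results(value: str) -> dict:
    """Parse an RFC 8601 Authentication-Results header into {method: result}."""
    results = {}
    # The first ';'-separated element is the authserv-id; the rest are method clauses.
    for clause in value.split(";")[1:]:
        m = re.match(r"\s*(\w+)=(\w+)", clause)
        if m:
            results[m.group(1).lower()] = m.group(2).lower()
    return results


def header_from_domain(msg: Message) -> str:
    """Return the domain of the From: header, lower-cased, or '' if absent."""
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""


def body_text(msg: Message) -> str:
    """Return the first text/plain body, lower-cased (empty if none)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() == "text/plain":
            return part.get_payload(decode=True).decode("utf-8", "replace").lower()
    return ""


def score_message(raw: str) -> dict:
    """Score one raw RFC 822 message and report which checks fired."""
    msg = message_from_string(raw)
    auth = parse_authentication_results(msg.get("Authentication-Results", ""))
    failed = [m for m in AUTH_METHODS if auth.get(m, "none") in FAILING_RESULTS]
    text = body_text(msg)
    phrases = [p for p in SUSPICIOUS_PHRASES if p in text]
    reply_to = msg.get("Reply-To", "").lower()
    reply_mismatch = bool(reply_to) and header_from_domain(msg) not in reply_to
    score = 2 * len(failed) + len(phrases) + (2 if reply_mismatch else 0)
    return {
        "from_domain": header_from_domain(msg),
        "failed_auth": failed,
        "phrases": phrases,
        "reply_to_mismatch": reply_mismatch,
        "score": score,
        "flagged": score >= FLAG_THRESHOLD,
    }


# Constructed sample: a spoofed payment lure with failing SPF/DKIM/DMARC.
PHISH = """From: "Billing Department" <billing@hospital-example.org>
Reply-To: accounts@mail-example.net
To: staff@hospital-example.org
Subject: Urgent action required
Authentication-Results: mx.hospital-example.org; spf=fail smtp.mailfrom=hospital-example.org; dkim=none; dmarc=fail header.from=hospital-example.org
Content-Type: text/plain; charset="utf-8"

Urgent action needed: please approve the funds transfer to the new vendor account immediately.
"""

# Constructed sample: an ordinary internal notice that passes all checks.
LEGIT = """From: "Scheduling" <scheduling@hospital-example.org>
To: staff@hospital-example.org
Subject: Shift schedule for next week
Authentication-Results: mx.hospital-example.org; spf=pass smtp.mailfrom=hospital-example.org; dkim=pass header.d=hospital-example.org; dmarc=pass header.from=hospital-example.org
Content-Type: text/plain; charset="utf-8"

The shift schedule for next week is now posted on the intranet.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, score_message(raw))
```

Phrase matching alone is easy to evade with rewording, which is why the score leans on the gateway's authentication verdicts and the Reply-To mismatch; in practice a flagged message would be quarantined or banner-tagged for review rather than silently dropped, so that legitimate urgent notices are not lost.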

AI and automated tools, meanwhile, can help shorten the time required for organizations to detect and, therefore, mitigate attacks. According to Brendan Fowkes, Global Industry Technology Leader for Healthcare at IBM, healthcare companies that used AI and automation tools were able to detect and contain incidents 98 days faster than average. In addition, companies using these solutions saved an average of nearly $1 million.

Beware the ‘ware

Ransomware attacks on healthcare organizations continue to rise as cyber criminals recognize the value of operational and patient data in compelling action from affected companies.

While it’s impossible to fully eliminate the risk of ransomware, businesses can reduce their compromise potential by combining email protection tools with AI detection solutions capable of automating key processes and pinpointing potential problems before they compromise pertinent patient data.
