A U.S. hospital disclosed that it suffered a ransomware attack, the latest in a spate of such incidents befalling the industry in recent years. Despite the fact that ransomware has declined in most other industries, these continued attacks highlight the need for healthcare organizations to boost their defenses and adopt strategies to proactively fight against this persistent threat.

Another Hospital, Another Data Breach

The hospital announced that it became aware of a crypto-malware attack on the morning of July 9. The incident affected the organization’s internal communications systems and access to its electronic health record (EHR).

Soon after discovering the malware, the hospital quickly initiated its incident response protocol, and IT professionals worked with law enforcement and forensics experts to investigate the incident. The security team also evaluated the hospital’s digital defense capabilities and decided to divert ambulance patients suffering from trauma or stroke to other institutions.

Although the investigators did not discover any evidence of the attack compromising patient data, they did opt to temporarily shut down the system as a precaution.

Ransomware Rates Remain High in Healthcare

According to Recorded Future, ransomware campaigns began declining in 2017, driven largely by the disappearance of many exploit kits (EKs) on the cybercrime market. At the same time, the remaining EKs made a tactical shift toward distributing crypto-mining malware. Unfortunately for hospitals, the decline in overall ransomware attacks does not apply to the healthcare sector.

Healthcare companies are still prime targets for ransomware because they invest relatively little in IT security. In addition, hospitals are often more willing to pay ransoms due to the criticality of their IT systems and EHRs. As John Halamka, chief information officer (CIO) at Boston’s Beth Israel Deaconess Medical Center, noted in Fierce Healthcare, some of these systems are not up to date, which makes them susceptible to vulnerability-driven attacks.

“Each time a patch is introduced, the act of changing a mission-critical system impacts reliability and functionality,” Halamka explained. “Some mission-critical systems were created years ago and never migrated to modern platforms.”

According to ZDNet, many hospitals have recently paid ransoms of tens of thousands of dollars to regain access to their data. Threat actors view these incidents as evidence that ransomware is still an effective and lucrative tactic to use against healthcare organizations.

How Can Hospitals Protect Their Data?

To protect healthcare data from threat actors looking to hold it for ransom, hospitals should double down on patch management to ensure that all networks, endpoints, applications, databases and medical devices are up to date. They should also implement network segmentation to limit attackers’ lateral movement and regularly back up data so that operations can resume quickly in the event of a breach.

As always, the best defense against threats such as ransomware is continuous training and education throughout the organization. By ensuring that everyone from rank-and-file employees to top leadership can recognize signs of a ransomware attack and act accordingly, these users can serve as the first line of defense against this persistent threat.

More from

BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration

9 min read - This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, Diego Matos Martins and Joseph Spero. BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force Threat Intelligence Index, continues to wreak havoc across organizations globally this year. BlackCat (a.k.a. ALPHV) ransomware affiliates' more recent attacks include targeting organizations in the healthcare, government, education, manufacturing and hospitality sectors. Reportedly, several of these incidents resulted…

9 min read

Now Social Engineering Attackers Have AI. Do You? 

4 min read - Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code. The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code just like everybody else. How does this powerful new category of tools affect the ability of criminals to launch cyberattacks, including social engineering attacks? When Every Social Engineering Attack Uses Perfect English ChatGPT is a public tool based on a…

4 min read

Despite Tech Layoffs, Cybersecurity Positions are Hiring

4 min read - It’s easy to read today’s headlines and think that now isn’t the best time to look for a job in the tech industry. However, that’s not necessarily true. When you read deeper into the stories and numbers, cybersecurity positions are still very much in demand. Cybersecurity professionals are landing jobs every day, and IT professionals from other roles may be able to transfer their skills into cybersecurity relatively easily. As cybersecurity continues to remain a top business priority, organizations will…

4 min read

How I Got Started: White Hat Hacker

3 min read - White hat hackers serve as a crucial line of cyber defense, working to identify and mitigate potential threats before malicious actors can exploit them. These ethical hackers harness their skills to assess the security of networks and systems, ultimately helping organizations bolster their digital defenses. But what drives someone to pursue a career as a white hat hacker, and how do you get started in leveraging so-called “evil” skills for the greater good?? In this exclusive Q&A, we spoke with…

3 min read