The recent ransomware attack on Change Healthcare, a major U.S. healthcare technology company, is a stark reminder of the security risks that healthcare organizations, both small and large, face. In 2023, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), which publishes healthcare data breaches, reported a 239% increase in hacking-related data breaches between January 1, 2018, and September 30, 2023, and a 278% increase in ransomware attacks over the same period. Since healthcare is a frequent target of ransomware attacks, organizations must take a proactive approach to implementing security measures and incident response plans to build resilience.

In this blog post, we explore the impact of ransomware attacks on healthcare and discuss how healthcare organizations can defend against ransomware attacks.

audit icon

why ransomware hackers target healthcare organizations.

Ransomware is a form of malware that blocks a user’s access to critical files or data till a payment is made. In healthcare, besides costing hospitals and providers huge sums of money, losing access to mission-critical data and systems can also disrupt patient care and put lives at risk. And, an attack can leave these organizations vulnerable to litigation from patients whose data is exposed.

Hackers understand that the impact of these attacks on a healthcare system’s operations and the pressure to restore access to data and files will force these organizations to make a payment. Further, healthcare organizations also store confidential protected health information, which is highly valued on the dark web. For instance, medical records sell for $60 compared to $15 for a Social Security number and $3 for a credit card on the dark web. All these factors make healthcare organizations a prime target for ransomware.

audit icon

how to defend against ransomware in healthcare.

Today, cybercrime is more organized, and hackers have access to sophisticated tools. With so much at stake, healthcare organizations need to proactively address incident response and maximize protections against ransomware. Here are some broad ransomware protection measures for healthcare organizations.


Create an incident response plan.

Given the frequency and impact of ransomware attacks on healthcare organizations, having a response and recovery plan is crucial. Develop a thorough incident response plan that extensively spells out your organization’s best practices for threat detection, communication and reporting, mitigation, and restoration strategies. The plan should also identify your response team and list mission-critical data and functions. Your incident response plan will serve as a guide in the event of a ransomware attack, so your team knows what actions to take to contain an incident.


Security awareness training

Educate your employees on cybersecurity threats and best practices through regular security awareness training. These sessions can empower your team to detect red flags of ransomware and common tactics for malware distribution, such as phishing, as well as teach them cybersecurity best practices, including password management. Your people are key to defending against malicious activity, so it’s important to ensure they have the right knowledge and tools.


Implement threat detection & response tools.

Healthcare organizations are obligated under HIPAA to protect electronic patient health information (e-PHI) from anticipated threats. A great way to stay on top of threat detection is to invest in managed detection and response (MDR) technology. These solutions can provide 24/7 threat monitoring as well as help shorten detection and response time, helping you maximize protections.


Maintain data backups

Always ensure your patient health data and other files are backed up and securely stored so you can recover this information in the event of a ransomware attack.


Conduct risk assessments.

As advised by the HIPAA Security Rule, conduct in-depth security risk assessments to catch vulnerabilities in your network that could threaten the availability and integrity of your patient health data. Identifying and remediating these security vulnerabilities will enable better risk management.


Network segmentation.

Segmenting your network helps minimize hackers’ lateral movement. Dividing your network into smaller, isolated subgroups using Virtual Local Area Networks (VLANs) or other techniques can contain the spread of a cyberattack and prevent hackers from getting into other systems.


need information security services for your healthcare organization?

Our certified team of cybersecurity professionals provides IT audits, social engineering testing, Meaningful Use risk assessment, HITRUST certification readiness, penetration testing services, and more. These services are designed to help healthcare organizations strengthen their defenses against increasingly common data breaches and cyber-attacks, such as ransomware and phishing.

Click below to check out our information security services or contact us today to get started!

Related articles