How Ransomware and Phishing Impact the Healthcare Sector

Healthcare organizations were overwhelmed with cyber attacks during 2020 and 2021, and the attacks show no sign of abating in 2022. 89% of healthcare organizations worldwide have experienced a breach in the past two years, with cyber attacks on healthcare infrastructure increasing by 30% in Q3 of 2021 alone. Last year saw services like Scripps Health in the US and the National Health Service in Ireland experience weeks of downtime and service disruptions due to separate cyber attacks, threatening their patients’ health and privacy, as well as their reputation as trusted care providers.

Ransomware on the rise

In 2021, ransomware impacted 1,203 sites across the US, including hospitals, hospices, clinics, education centers, blood banks, and more. Many of these organizations cannot or do not want to divert revenue and resources to cybersecurity when it could be used to buy medical equipment that directly relates to patient care. With investment focused on patients, little financial support is given to equipment updates or patches, meaning that the industry continues to use legacy and end-of-life systems which are more likely to be an easy entry point for attackers. And with teams often understaffed and overworked, particularly during the height of the COVID-19 pandemic, cybersecurity threats can be a lesser priority.

Healthcare organizations’ pressure to ensure continuity of service and protect public image also makes the sector the most likely to pay a ransom; 34% of healthcare professionals whose data was encrypted admitted to paying the ransom compared with a cross-sector average of 32%. In 2020, the University Hospital in New Jersey paid up to $670,000 to prevent 240 GB worth of stolen files from being leaked. And even when organizations refuse to pay a ransom, the financial effects can be just as severe: the University of Vermont Medical Center lost $50 million in revenue and recovery after suffering a ransomware attack, despite never paying the ransom.

Almost two-thirds of organizations have admitted that they’ve had to cancel in-person appointments due to a cyber attack, with healthcare providers also citing delayed procedures and an increase in patient transfers as consequences of these attacks. At worst, they can even lead to loss of life, as was the case at Springhill Memorial Hospital in Alabama in 2020, when medical staff could not access fetal heart rate monitors.

Phishing and email security

The rise of email-related breaches in healthcare has been staggering. In 2012, just 4% of breaches involved email. In 2020, that number reached 42%, with one major California hospital experiencing a 700% increase in malicious email files entering their systems in October 2020 alone. The vast majority (91%) of cyber attacks begin with phishing emails, often used to infect healthcare providers with malware like ransomware.

Hackers are motivated to carry out email attacks like phishing, spear phishing, and Business Email Compromise (BEC) for a number of reasons, namely the value of health industry data, with medical records sold on the black market for 50 times more than financial information. Phishing is prevalent in healthcare as it allows hackers to take advantage of often overworked professionals. And attacks have increased in light of the COVID-19 pandemic, as the workforce are either working remotely or on the frontline – in both cases, employees are unable to verify if requests or suspicious links are a threat as quickly or as effectively. As a result, 88% of healthcare workers have opened a phishing email at some point, giving hackers a much better chance of exfiltrating credentials and personal data to steal or hold to ransom.

Healthcare cyber risks identified by CleanINTERNET

Centripetal’s experience conducting a Proof of Value (POV) for a healthcare provider in 2019 revealed targeted botnet attacks on remote access, IoT, vulnerable software, web applications, email, and more. Our solution, CleanINTERNET, also identified multiple TOR sessions from enterprise systems, systems compromised through phishing link clicks, and compromised internal hosts that were observed to be a source of data exfiltration.

Preventing these attacks means employing an intelligence-driven cyber solution that detects and shields incoming threats in near real-time. CleanINTERNET prevents attacks like phishing and ransomware from escalating by creating a Zero Trust environment, aggregating thousands of separate cyber threat feeds to proactively shield businesses from 99% of known cyber threats. Our solution creates tangible business value for healthcare organizations as our SOC team acts as an extension of your own security team, helping to narrow the skills gap, remove the burden from internal teams, and enable compliance with regulations like HIPAA and PCI DSS. Safeguard your employees, partners, stakeholders, and patients by boosting your cybersecurity posture with CleanINTERNET.

Find out more about CleanINTERNET’s benefits within the healthcare sector by speaking to one of the Centripetal team.

