Cybersecurity management lessons from healthcare data breaches
Farah Amod Dec 30, 2024 10:17:18 AM
Cybercriminals have set their sights on the healthcare sector, and recent breaches have shown just how vulnerable this industry has become. With healthcare providers relying more on digital systems, the risks of ransomware attacks and data breaches are growing. Healthcare organizations can use recent incidents as learning opportunities to enhance their defenses, protect patient data, and maintain smooth operations.
Healthcare’s rising vulnerability to cyberattacks
In 2023, over 88 million people in the U.S. were impacted by large-scale healthcare data breaches—a 60% jump from the year before. Unfortunately, 2024 is shaping up to be just as severe, with high-profile ransomware attacks hitting providers across the U.S., Canada, and Australia. These incidents reveal how deeply interconnected systems and electronic health records have made the sector a target for cybercriminals.
What recent breaches reveal
Ascension Healthcare’s disruption
In May 2024, Ascension Healthcare, a nonprofit running 140 hospitals, suffered a ransomware attack by the Black Basta group. The fallout was immense: ambulances were diverted, phone systems went down, and electronic records became inaccessible. Many facilities had to switch to paper records, delaying tests and canceling procedures. Weeks later, some pharmacies were still closed. The breach exposed weaknesses in Ascension’s disaster recovery plans and cybersecurity defenses.
The Change Healthcare crisis
Earlier in 2024, Change Healthcare, part of UnitedHealth Group, faced its own ransomware attack. Hackers stole 4 terabytes of data and demanded a $22 million ransom. The attack’s ripple effects included $593 million in response costs and an estimated $1.6 billion in total damages by year-end. Payment systems used by hospitals, clinics, and pharmacies were severely disrupted, exposing gaps in basic safeguards like multi-factor authentication (MFA).
Other alarming incidents
The year also saw attacks on healthcare providers globally. In Canada, London Drugs shut down its pharmacies due to ransomware. In Australia, MediSecure’s prescription services were disabled after a breach involving a third-party vendor. In Wisconsin, Group Health Cooperative lost data on 530,000 individuals, even though encryption prevented the hackers from locking systems.
These cases make it clear that no healthcare organization—large or small—is immune to cyberattacks.
Lessons healthcare organizations can’t ignore
Assume breaches will happen
Operating under the assumption that a breach is inevitable encourages preparation. Healthcare providers should create and regularly test disaster recovery plans, run tabletop exercises to identify vulnerabilities, and align security with broader organizational goals.
Don’t overlook the basics
While advanced security tools are valuable, the fundamentals matter just as much. This includes implementing MFA to prevent credential theft, conducting regular penetration testing, keeping software patches up to date, and maintaining strict control over access to sensitive data through IT asset management and data loss prevention tools.
Use free resources
Healthcare providers often face tight budgets, but free tools can help. Open-source vulnerability scanners, breach monitoring services like HaveIBeenPwned, and government resources from agencies such as the U.S. Cybersecurity & Infrastructure Security Agency (CISA) can strengthen defenses without adding cost.
Manage third-party risks
Vendors and integrations can introduce vulnerabilities, as MediSecure’s experience shows. Organizations need processes to evaluate and monitor third-party providers, secure APIs, and track potential risks in software supply chains.
Communicate clearly during a breach
When a breach occurs, how an organization communicates matters. Avoid making overly optimistic public statements early on, as this can backfire if the damage turns out to be worse than expected. Transparency and honesty go a long way in maintaining trust with patients and stakeholders.
Proactive defense
Healthcare providers can’t afford to treat cybersecurity as an afterthought. Recent breaches prove the need for ongoing vigilance and investment in both technology and staff training. By taking proactive measures, like prioritizing security basics, managing third-party risks, and staying prepared for potential breaches, organizations can build resilience against cyber threats.
Cybersecurity is not a one-and-done process. It’s a challenge that requires continuous attention. Staying informed about new threats and fostering a culture of security awareness can help healthcare providers protect what matters most: patient care and trust.
FAQs
How can individuals and organizations protect themselves from cyberattacks?
- Strong passwords: Use complex and unique passwords for different accounts.
- Security software: Install and regularly update antivirus and antimalware software.
- Employee training: Educate employees about cybersecurity best practices.
- Regular backups: Regularly back up data to a secure location.
How do cyberattacks impact healthcare operations and patient care?
- On average, cyberattacks take healthcare organizations offline for six hours, with smaller hospitals commonly being offline for nine hours or more.
- 95% of identity theft happens because of stolen healthcare records.
What are the consequences of cyberattacks on healthcare organizations?
- 20% of hospitals that experienced a cyberattack reported an increase in patient mortality.
- Ransomware is the most disruptive attack type, leading to the most operational delays.
- 90% of healthcare organizations reported a loss in revenue after a cyberattack.