
Ransomware and healthcare: A life-and-death issue
Healthcare providers have for years been a preferred target for ransomware, attracting a disproportionate number of attacks. And new data from the US Cyber Threat Intelligence Integration Center (CTIIC) shows that the number of these attacks is rising faster than the overall number of ransomware attacks across all sectors.
According to their research, the total number of ransomware attacks globally in 2023 increased by 74% over 2022. But attacks against healthcare providers nearly doubled in the same period, from 214 to 389. And when looking only at numbers in the US, healthcare ransomware attacks increased by a startling 128%.
Can ransomware kill?
It goes without saying that ransomware attacks in the healthcare industry carry all the same costs as those targeting other types of organizations: operational disruption, loss of revenue, reputational costs, disclosure of protected information, and both direct and indirect financial costs.
But in the specific case of healthcare, do such attacks also result in degraded patient care leading to worse outcomes, up to and including death?
Both common sense and anecdotal evidence say yes. In one widely reported 2020 case, a patient in Düsseldorf, Germany, was turned away from a hospital that was crippled by a ransomware attack and died during her ambulance ride to a different hospital.
And in 2019, an Alabama hospital that was undergoing an attack failed to detect that a woman’s baby was being deprived of oxygen during childbirth. The baby suffered brain damage and eventually died. The mother filed suit against the hospital for failing to disclose that it was dealing with a ransomware attack that disabled critical equipment, and the case was settled out of court.
Hard data
A systematic study conducted by the School of Public Health in Minnesota offers more concrete findings regarding the effects of ransomware on patient care, by correlating ransomware attacks on hospitals with records of Medicare claims.
“Trends in Ransomware Attacks on US Hospitals, Clinics, and Other Health Care Delivery Organizations, 2016-2021” provided a wealth of information about the nature and consequences of ransomware attacks, which my colleague Christine Barry covered in considerable depth in this 2023 blog article.
In terms of patient outcomes, the study found that hospitals affected by ransomware see a significant drop in patient volume; that the quality of patient care suffers; that treatments are delayed; that ambulance diversions to other hospitals (which, as we saw above, can be fatal) increased; and, perhaps most significant, that hospital mortality increases.
Specifically, the study found that death rates for hospitalized Medicare patients rose from 3% to 4% during ransomware attacks. During the study period, therefore, ransomware attacks could be blamed for the deaths of between 42 and 67 Medicare patients—and presumably a larger number when non-Medicare patients are included.
Mitigating the risk
Healthcare providers have improved their security against ransomware in some ways over the past four years. But it’s clear that, in the main, they still have a long way to go—and in light of the findings listed above, they have excellent reasons to do so.
It’s critical to do all you can to keep ransomware from getting into your systems in the first place, and that means strengthening protections across multiple vectors. In addition, you need to have effective plans and protocols in place to respond and recover quickly when a ransomware attack does take place.
Email security
Phishing emails remain one of the most popular ways for ransomware crooks to penetrate your networks. Modern email security solutions such as Barracuda Email Protection deliver multiple capabilities to detect and eliminate phishing attempts, using AI-powered features to spot anomalous communications.
Security awareness training
If your users are alert and well trained to identify and report suspicious emails, they will be far less likely to respond to the malicious messages that initiate ransomware attacks. Barracuda Security Awareness Training—built into Barracuda Email Protection—can help you reduce your vulnerability to these attacks.
Network segmentation
Cyber crooks love to penetrate an innocuous or low-security part of your network and then move laterally to discover and compromise critical areas, including sensitive data and systems that are central to delivering effective patient care. Robust segmentation of your network can make it much more difficult for them to do this.
Zero Trust Access
Traditional password-based access controls, and even multi-factor authentication and VPNs, are increasingly vulnerable to sophisticated threats. Implementing a modern zero-trust architecture is a much more effective and reliable way to ensure that only authorized users and devices can access specific digital resources. Barracuda CloudGen Access is a powerful and easy-to-use zero-trust solution to help you do it.
Patching and updating
Vulnerable software, applications, and APIs are another favorite vector for attackers. Make sure to have a process in place that ensures patches and updates are installed as soon as they become available—any delay is a window for attackers to exploit vulnerabilities. A strong web-application-and-API-protection solution like Barracuda Application Protection can automate this process while also protecting against a wide variety of other application-based attacks.
Backup
In the fight against ransomware, there is perhaps nothing more critical than an advanced, highly secure backup system like Barracuda Backup. Without backup—or with a backup system that attackers can compromise—a ransomware attack can cripple your ability to operate for weeks or even months. With a modern backup in place, a ransomware attack can be little more than a bump in the road, letting you restore lost data in just days or even hours.
Extended Detection and Response
As this list illustrates, security is growing more complex, especially for organizations that can’t maintain a fully resourced security operations center (SOC). That’s why many organizations are turning to outsourced Extended Detection and Response (XDR) services like Barracuda Managed XDR. These SOC-as-a-Service solutions provide 24/7 monitoring, correlating multiple indicators of compromise to ensure the fastest possible detection of attacks in progress and immediate response to shut them down before they can achieve their goals.
Protect your data, your network, and your patients
With ransomware criminals increasingly targeting healthcare organizations, advanced security strategies and technologies are critical to protecting your data and ensuring you can deliver optimal care to the patients who depend on you. Learn more about how Barracuda can support you in that mission.
