With Hospital and Healthcare Systems Increasingly at Risk of Becoming Ransomware Targets, More and More Patients’ Health and Lives are in Jeopardy

With Hospital and Healthcare Systems Increasingly at Risk of Becoming Ransomware Targets, More and More Patients’ Health and Lives are in Jeopardy


The world becomes more interconnected by the day with the constantly evolving digital landscape most people now inhabit. While the intended benefits of being instantly connected, having a broader scope of people to reach, and seemingly endless information available at your fingertips are readily felt, these luxuries we are accustomed to have come with a price. Organizations face no greater threat from this new climate than the danger of their private data and networks being compromised in a cyberattack.

Over the past decade or more, cybercrime, and particularly ransomware attacks, have unfortunately been trending upwards. Particularly, these cybergangs have grown bolder and are targeting organizations deemed to have higher potential payout due to the cost to repair the breach and the number of victims affected. This includes educational institutions and government organizations, but perhaps none has more devastating repercussions than hospitals and other health systems.

Hospitals and Healthcare Systems have become Primary Victims of Cybercrime

Per IBM’s annual report on data breaches, healthcare systems have had the most expensive breaches for 13 years straight now, with an average of $11M per breach. These ransomware attacks have targeted a various array of entities within the healthcare industry: insurance providers, pharmaceutical systems, hospitals, and other medical centers, which does not even include third-party cybersecurity companies, particularly those that provide file transfer software. At the beginning of this year, experts saw a drop in cyberattacks targeting hospitals and other healthcare organizations though they gave indication that this would only be temporary, and they were only too right. John Riggi, national advisor for cybersecurity and risk for the American Hospital Association and a former federal investigator, said even last month that he had been seeing an increase in this type of activity over the summer, with already more than 220 cyberattacks that have targeted healthcare systems and over 36 million people affected. This puts 2023 on pace to be even worse than 2022, which saw 44 million people affected the entire year, an increase in ransomware attacks on health systems marked by Barracuda going from 12% to 18%.

August 3rd saw the largest ransomware attack on a US hospital system since ’22, targeting Prospect Medical Holdings which includes 16 hospitals and more than 165 outpatient centers across the nation, also the largest attack on any US healthcare organization since ’21. This attack left facilities scrambling to adapt to working without access to their systems while their IT department fought to secure and, inevitably, shut down their networks. This comes freshly off the heels of one of the largest cyberattacks of any kind earlier this summer, the MOVEit data breach by Russian ransomware gang cl0p who has also claimed responsibility for the Prospect attack. In that attack Maximus, a US government contractor responsible for programs such as Medicare and Medicaid, revealed that over 11 million records of private health information had been compromised, which also included Social Security numbers. Outside the US, the Canadian province of Nova Scotia also had healthcare information exposed in the MOVEit breach.

The Life-Threatening Risks from the Effect of Cyberattacks on Healthcare Systems

These attacks leave organizations of all types without access to networks and integrated frameworks and with sensitive data concerning the organization and the individuals under their umbrella exposed. For healthcare systems and hospitals especially, this can have an even more devastating impact as it immediately impacts the daily operations of ever staff member. Hospitals particularly use interconnected systems and integrated software for filing patient records, communication within and across departments, and payment. When these systems are no longer available staff members must resort to more antiquated methods such as notetaking and record keeping using pen and paper along with other more manual processes. This results in more time being spent in these daily procedures and increased risk of communication failures and information being lost.

Hospitals can see numerous effects manifest during these attacks such as disruption of cancer treatment, canceled surgeries, ambulances being diverted from emergency rooms, test results being unavailable, and shutting down their systems. The attack at the beginning of August saw facilities shutting down entire departments and services, and in a couple instances whole facilities were shut down. The aftermath of these attacks can have lasting effects anywhere from days to months that systems will be recovering from; Crozer Health, a Pennsylvania hospital affected in the Prospect attack, only just this week got their system back online. And it is not only the hospitals involved in the breach that are affected as nearby medical facilities will be impacted as well with increased number of patients due to patients going over on their own, transfers from directly impacted facilities, and diverted ambulance traffic. It is because of these repercussions and the lasting impact that Riggi refers to these as “threat-to-life crimes”.

Patients are less likely to receive adequately prompt care due to processes at medical facilities tied to the breach taking longer due to manual processes, communication breakdowns, lost access to information, longer ambulance rides, and more crowded waiting rooms. In many of these instances some patients never even receive care, and often those who can leave on their own end up doing so. There have been no deaths reported that were directly impacted by these ransomware attacks, though an Alabama woman is suing a hospital for responsibility in the death of her 1-year-old child who she claims did not receive adequate care as a result of the hospital’s response to a cyberattack. However, recent studies are showing that there seems to be a direct correlation between the downtime hospitals see in these ransomware attacks and higher patient mortality rates.

Reaction and Response to Ransomware Attacks

As expected, Federal authorities and the American Hospital Association have encouraged all organizations, in this case health systems, to not pay the ransoms demanded by these cybergangs, as doing so only helps fund more of these attacks, may help fund weapons programs in volatile regions, and encourages them and others further that targeting health systems can be successful. As stated earlier, often these criminals do not hold to their end of the bargain and after receiving payment either will sell the information regardless or do not give a working solution to the victim and may end up demanding more money. Healthcare organizations are being encouraged to shore up their security systems in place and gear them toward defending against these ransomware attacks, which experts admit is becoming increasingly difficult. Most of these cybergangs, such as cl0p and another authorities are warning organizations about: TimisoaraHackerTeam (THT), use Lockbit, a ransomware program, which cl0p particularly has used to find and exploit insecurities that were previously unknown. The FBI has announced they have launched an investigation into the ransomware attack earlier this month.