Healthcare Technology Featured Article

August 22, 2023

Putting a Stop to Ransomware Spread in Healthcare

With its vast databases of critical and sensitive patient information, the healthcare industry has always been an attractive target for cybercriminals.

In recent years, the increasing prevalence of ransomware attacks has exacerbated this vulnerability, putting data and lives at risk. The convergence of technology and healthcare has provided countless benefits, yet it has also opened the door to new threats.

Let’s take a sobering look at the healthcare sector's current ransomware crisis and offer a few practical solutions to curb its spread.

The State of Ransomware in Healthcare

Let’s get the basics out of the way. Ransomware is a type of malicious software that encrypts a victim's files or systems, rendering them inaccessible until a ransom is paid to the attacker. It’s on the lips of security teams and medical professionals alike – now a household phrase made famous by some nasty, high-profile, and worldwide breaches of patient data.

The consequences of such attacks can be dire for healthcare facilities and suppliers. Beyond the loss or compromise of patient data, an attack can disrupt medical services, leading to delayed treatments or even jeopardizing patient care.

Several factors make healthcare organizations particularly susceptible to ransomware:

  • Legacy Systems: Many healthcare institutions rely on outdated systems and software out of operational necessity, which may not have the latest security patches or be ring-fenced and isolated for best security practices.
  • High Value of Patient Data: With their wealth of personal and medical data, from Social Security numbers to detailed health histories, medical records can fetch a high price on the black market and dark web, acting as a gateway to further cybercrime and data exposure.
  • Urgency of Care: Knowing that healthcare providers can't afford prolonged downtimes without endangering lives, attackers believe such institutions may be more likely to pay the ransom promptly.
  • Complex IT Environments: With a plethora of devices, systems, and software applications connected to their networks, managing and securing these diverse environments can be extremely complex and challenging. Gaining visibility into what is going on - into what applications are connected and talking to what parts of the organization network or data, locally or in the cloud - is no small task.
  • Insufficient Cybersecurity Training: 88% of data breaches are caused by human error [Stanford Research], and while not unique to healthcare, many staff members in healthcare facilities may lack regular and comprehensive cybersecurity training. This makes them more susceptible to phishing attacks or unintentional breaches, the first step in most ransomware attacks.
  • Limited IT Budgets: Despite the critical nature of IT in healthcare, and the risks being showcased daily in the national press, many organizations allocate limited budgets to cybersecurity, often prioritizing other pressing needs related to patient care.
  • Interconnected Devices: The rise of the Internet of Medical Things (IoMT) means more devices are connected to hospital networks. Each device can be a potential entry point if not secured properly – from the Computed Tomography machine in the basement to the thermometer in the fish tank in outpatient reception.
  • Regulatory Compliance: Healthcare organizations have to comply with numerous regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and NIST 800-53 (now with a broader focus that also applies to non-government entities, including the healthcare sector). While these regulations emphasize protecting patient data, they can stretch IT departments thin as they work to ensure compliance on top of so many other critical responsibilities.
  • Rapid Digital Transformation: The swift push towards digitizing health records and implementing electronic health record (EHR) systems may sometimes (unintentionally) overlook critical security considerations.
  • Physical Access: Hospitals and clinics are public spaces with tens of thousands of individuals, including patients, vendors, and visitors, coming in and out every day. This foot traffic can lead to increased risks, such as unauthorized individuals gaining physical access to connected computers. Add to this insider risk: the potential threat posed by employees, contractors, or associates who have inside information concerning an organization's security practices and access to its data and computer systems.

Ten Strategies to Prevent Ransomware Spread in Healthcare Settings

While the challenge is significant, it is not insurmountable. Statistically, however, attackers and bad actors will get in – so stopping the spread is just as important as stopping them from gaining entry in the first place. With strategic planning and proactive execution of cybersecurity best practices, healthcare institutions can drastically reduce their risk.

Here are ten practical solutions:

  1. Least Privilege Access: Ensure that employees and applications only have access to the information essential for their work. Often associated with “zero trust,” this limits the potential spread of ransomware if a particular account or device is compromised, keeping the attacker away from high-privilege accounts that have access to critical systems and operations.
  2. Update and Patch: Regularly updating operating systems, applications, and any device connected to the network ensures that known vulnerabilities are addressed. Many ransomware attacks exploit out-of-date systems.
  3. Network Segmentation: By segmenting the network, healthcare institutions can ensure that if one part of the network is compromised, the ransomware does not easily spread to other parts. Microsegmentation, which is network segmentation applied at a granular level with correspondingly fine-grained policies, is generally considered best practice and preferred by cyber insurance companies and data regulators.
  4. Employee Training: Human error, often in the form of falling for phishing schemes, remains a significant vulnerability. Regular training sessions, while time-consuming for security teams, can keep staff informed about the latest threats and how to recognize them, and can often be the single largest benefit to an overall security posture.
  5. Regular Backups: Ensuring that data is backed up regularly, and that backups are stored securely (preferably offline, offsite, or in an isolated network), is fundamental. In the event of an attack, this allows institutions to restore their data without paying the ransom.
  6. Multi-factor Authentication (MFA): By requiring multiple forms of verification before granting entry to an account or system, MFA makes it more challenging for attackers to gain access, even if they have login credentials.
  7. Endpoint Detection and Response (EDR): Deploying advanced EDR solutions can help in monitoring and responding to suspicious activities on endpoints (devices or nodes that communicate on a network, such as computers, mobile devices, and servers) in real-time.
  8. Regular Vulnerability Assessments: Institutions can address weaknesses before attackers exploit them by regularly assessing the network and systems for vulnerabilities. This is generally recognized as being standard practice, and time and resources must be found to find the weaknesses before attackers do – prevention is always better than cure.
  9. Rapid Response Plan: While prevention is critical, being prepared to respond swiftly when an attack does occur is equally crucial. A defined and rehearsed incident response plan ensures that the institution can mitigate the attack's effects, communicate transparently, and recover with minimal disruption.
  10. Collaborative Defense: Collaboration between healthcare entities, cybersecurity firms, and even law enforcement can be crucial. Sharing threat intelligence and best practices can fortify defenses across the board.
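
To make strategies 1 and 3 concrete, the following added example (not part of the original article and not any vendor's product) compares how far ransomware could spread from one compromised host on a flat network versus a microsegmented one. The host names and the allow-list are constructed for illustration, and the model assumes the worst case: any host the malware can connect to can be infected.

```python
from collections import deque

# Constructed inventory: hypothetical host names, not from a real network.
HOSTS = ["reception-pc", "fishtank-thermometer", "ct-scanner",
         "pacs-server", "ehr-app", "ehr-db", "backup-server"]

# Microsegmented allow-list of (source, destination) flows: each workload may
# open only the connections it needs for its job (constructed policy).
SEGMENTED = {
    ("reception-pc", "ehr-app"),
    ("ehr-app", "ehr-db"),
    ("ct-scanner", "pacs-server"),
    ("backup-server", "ehr-db"),       # backups pull data; nothing connects in
    ("backup-server", "pacs-server"),
}


def flat_policy(hosts):
    """Flat network: every host may connect to every other host."""
    return {(s, d) for s in hosts for d in hosts if s != d}


def blast_radius(start, allowed):
    """Hosts reachable from `start` by chaining allowed flows.

    Worst-case model: any host the malware can connect to is treated as
    infectable, so reachability is followed transitively.
    """
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for s, d in allowed:
            if s == src and d not in seen:
                seen.add(d)
                queue.append(d)
    return seen - {start}


def hosts_that_can_reach(target, hosts, allowed):
    """Every host whose compromise could spread to `target`."""
    return sorted(h for h in hosts if target in blast_radius(h, allowed))


if __name__ == "__main__":
    flat = flat_policy(HOSTS)
    for host in HOSTS:
        print(f"{host:22} flat={len(blast_radius(host, flat))} "
              f"segmented={sorted(blast_radius(host, SEGMENTED))}")
    print("can reach backups:", hosts_that_can_reach("backup-server", HOSTS, SEGMENTED))
```

Running the same reachability check against an exported firewall or microsegmentation rule set shows which single compromises could still reach backups or the EHR database.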

The world of healthcare is evolving, embracing digital tools to make patient care better and operations smoother. However, with this digital leap come new hurdles, with ransomware being among the most pressing.

It’s important that we think of cybersecurity as a key part of keeping patients safe and of the healthcare provider/patient relationship. Cybersecurity is a board matter, and everyone's responsibility, with Chief Executives and Executive Directors well aware of the issue and its implications. By staying alert, following smart online habits, assigning realistic funding, and promoting a culture where everyone's cyber-aware, the healthcare world can stay a step ahead of ransomware threats, ensuring patient care is always safe and seamless.

Author bio

Nik Hewitt is the Sr. Content Marketing Manager at TrueFort, the leading lateral movement protection platform. He is a BAFTA-winning digital storyteller with nearly three decades of experience in digital content creation and IT/cybersecurity journalism. Now living in rural Ireland, he has worked with some of the world’s largest cybersecurity providers. Currently thriving with the team at TrueFort, Nik is a committed advocate for workplace equality and a champion for the use of AI in digital marketing. Nik can be reached online at and at
