Targeted Ransomware in Healthcare

Targeted Ransomware in Healthcare

“Cybersecurity is a war of attrition between the defenders and the attackers.”

The global pandemic has pushed healthcare institutions to their absolute limits in terms of capacity and handling of patients and their data. On top of this, there have been multiple reports stating that there are increasing levels of cyberattacks on these institutions where a delay or disruption could mean the difference between life and death. Some of the most consequential menaces to healthcare have come in the form of ransomware attacks- Cyberattacks in the form of malicious software or malware which encrypts data until a ransom is paid in exchange for accessing the data.


Effects on Healthcare institutions

In 2020, 92 separate ransomware attacks affected more than 600 clinics, hospitals, and organizations, and more than 18 million patient records. The estimated cost of these attacks in total is nearly $21 billion, according to a recent analysis from security company Comparitech. A ransomware attack could potentially cause the entire system of an institution to collapse. Critical information that could lead to loss of life is held hostage. An event like this could have dire outcomes like cancellation of surgeries, relocating critical patients to other hospitals, loss of information and lead to communication breakdowns.


How Ransomware works

Typically, cybercriminals infect the system with ransomware using techniques like

  • Using phishing emails that contain malicious attachments (Spamming)
  •  Trying to get a victim to open a malicious link (Spear phishing)
  •  Viewing advertisements that could contain malware (malvertising)

The tactics, threats, and procedures (TTPs) that are used by cybercriminals keep evolving and make it difficult for security personals to keep up. Ransomware attacks on healthcare institutions comes with huge demands as the attackers are aware of the time sensitivity involved with the encrypted data. Generally, the ransom is paid in bitcoins or other digital currencies for which the identities of receiver is very difficult to trace.


Ransomware prevention

Institutions can act proactively to prevent or at the very least contain such malicious ransomware attacks by following approaches

Providing training to employees

In most cases, the entry point for ransomware is human error. Your employees could be either the point of entry or the first line of defense. Make use of simple training tips like double-checking the domain name of the sender, looking for spelling errors as well as numbers replacing letters, reviewing signature and legitimacy, and not clicking on suspecting links.

Layer security

The cornerstone of next-generation firewalls includes having security like ‘NGFW with ransomware protection’, ‘Endpoint Security to protect individual devices on your network, and ‘Email Security’, that can catch many phishing emails before they make it to your inbox.

Also, make sure your teleworkers are connected via secure remote access.

Backups and Data loss and prevention policy (DLP)

Having backups of your backups would eliminate the risk faced even if your primary data is held hostage by a ransomware attack. Ensure regular backups are made on an hourly basis, twice a day or even once a week considering the levels of volatility of your data.

Data loss prevention (DLP) is an approach that seeks to improve information security and protect business information from data breaches. It prevents end-users from moving key information outside the network.

For more information about ‘Security Vulnerabilities of a Remote Workforce’ head over to our Blog


Health care institutions contain the most vulnerable data points of all systems and are definitely prone to an increasing amount of cyberattacks. We might not be able to completely avoid cyberattacks like ransomware attacks but we can prevent or at the very least reduce the damage and loss of information by taking proactive steps and implementing preventive measures for our institutions so we can keep sensitive data away from criminals and protect our patients.


Have questions about finding an
Privileged Access Management consultant?

Call +1 (925) 918-6618 the consultation is free.

About Sennovate

Sennovate delivers custom identity and access management solutions to businesses around the world. With global partners and a library of 1000+ integrations, we implement world-class cybersecurity solutions that save your company time and money. We offer a seamless experience with integration across all cloud applications, and a single price for product, implementation, and support. Have questions? The consultation is always free. Email [email protected] or call us at: +1 (925) 918-6618