The Worst Ransomware and Cyberattacks in Healthcare

The healthcare sector has been victimized by many ransomware and other types of cyberattacks over the last several years. Companies operating in healthcare make attractive targets for cybercriminals for a variety of reasons. A successful attack against a healthcare provider can have devastating consequences for the whole community.

This article will look at some of the worst cyberattacks launched against the healthcare sector. We’ll discuss how the attack was perpetrated and the repercussions to the affected entity and its associated patients.

Why Threat Actors Target the Healthcare Sector

Threat actors choose their targets based on several factors. Attacking organizations in the healthcare sector satisfies multiple selection criteria.

• The majority of organizations in the healthcare sector store and process protected health information as well as payment and financial details on patients. This data is extremely valuable to cybercriminals and its loss can cause long-term problems for the individuals whose data was compromised.
• Victimized healthcare facilities may be willing to pay a ransom to cybercriminals to regain access to mission-critical systems that are required to provide patient services.
• Some healthcare organizations, such as smaller regional hospitals, may be operating with substandard security measures in place that can be easily compromised by threat actors.

The U.S. Federal Bureau of Investigations (FBI) reports that ransomware attacks against the healthcare sector are increasing. Healthcare represents the critical infrastructure component receiving the greatest number of ransomware attacks.

Cyberattacks on Healthcare Organizations Are Particularly Dangerous

Any company hit with a successful ransomware or malicious cyberattack is faced with serious problems as they attempt to recover. They need to quickly recover the affected systems and may have to consider paying the ransom if a viable recovery plan is not in place. Business operations can be degraded and there can be substantial financial losses to victimized organizations.

Healthcare companies have additional concerns to address when impacted by a cyberattack. While the financial viability of the organization may be at risk, so too are the potentially life-saving services offered to its patients. Hospitals cannot afford extended outages that impact their ability to schedule and perform operations or deliver effective patient care.

Lives can be seriously impacted or lost in the wake of a cyberattack on a healthcare facility. Threat actors maliciously leverage this knowledge when launching attacks aimed at healthcare organizations.

The Most Recent Data on Cyberattacks on the Healthcare Sector

NTT Security Holdings’ 2023 Q3 Global Threat Intelligence Report on the Healthcare Sector offers some sobering statistics regarding existing and emerging risks. Highlights include the following statistics.

• The U.S. healthcare sector is targeted most often with close to 70% of reported attacks being perpetrated against companies located in the United States.
• Lax third-party security was responsible for high-profile data breaches affecting Johnson and Johnson Healthcare Systems and the Colorado Department of Health Care Policy and Financing (HCPF).
• Top ransomware threats come from the LockBit and ALPHAV variants. New Muldrop and Trojan droppers have been identified as risks for healthcare organizations.

Some of the Worst Cyberattacks on the Healthcare Sector

Let’s look at some of the worst cyberattacks conducted against companies in the healthcare sector. These attacks had the potential to impact both the victimized organization and its customers or patients.

• Düsseldorf University Hospital in Germany - A cyberattack installed ransomware and froze 30 of the hospital’s servers in September 2020. The exploited vulnerability was described as popular commercial add-on software. This attack had tragic repercussions as patients were required to be moved to different healthcare facilities, causing a delay in treatment. A critically ill woman died due to the delay.
• Vastaamo, a Finnish Psychotherapy Center - Vastaamo experienced a cyberattack on its patient record system in 2018. The company covered up the incursion but had to disclose knowledge of the attack in 2020 when patients were blackmailed by cybercriminals and threatened with the release of their personal data. Vastaamo was forced to declare bankruptcy in the wake of the attack and the fines levied by Finnish investigators for the company’s nondisclosure.
• UK National Health Service (NHS) - A 2022 attack on the NHS’s Adastra IT system impacted the emergency services of 85% of its providers. The attack affected ambulance dispatches, emergency prescriptions, and out-of-hours appointment bookings. Providers had to resort to contingency plans in an attempt to keep up with patient services, but significant delays were experienced.
• Prospect Medical Holdings in the U.S. - A 2023 attack on the organization’s IT systems resulted in some services being offline for up to 40 days. The ransomware attack forced facilities to use paper records and to close some services temporarily. The ransomware gang Rhysida has claimed responsibility for the attack and states it has sold exfiltrated data and plans to publish more in the future.
• Regal Medical Group in California - A ransomware attack conducted on December 1, 2022, resulted in the theft of personally identifiable information (PII) and protected health information (PHI) on over 3.3 million individuals. The stolen information includes Social Security numbers, names, addresses, phone numbers, treatment information, and laboratory test results.

How an XDR Platform Mitigates the Threats of Cyberattacks

Deploying an extended detection and response (XDR) solution strengthens a healthcare organization’s security posture by integrating with existing cyber defenses. Advanced XDR platforms enhance cybersecurity and reduce the risk of falling victim to a successful ransomware attack.

The following features of an XDR platform make it effective for minimizing the threat of cyberattacks in the healthcare sector.

• An XDR platform leverages threat intelligence to identify existing and emerging threats that pose a risk to healthcare organizations.
• Advanced analytics and machine learning are used to identify anomalous activity that may indicate systems have been compromised.
• XDR can identify the subtle lateral movements of threat actors as they traverse the environment to find valuable targets.
• XDR can be instrumental in identifying the signs of advanced persistent threats (APTs) that may lie dormant in a healthcare organization’s IT environment until activated by cybercriminals.
• XDR integrates with existing cybersecurity solutions to strengthen an organization’s security posture.
• An XDR platform presents IT personnel with a unified interface that consolidates and prioritizes threats. This feature improves productivity and helps organizations with limited security resources.

Healthcare organizations should strongly consider adding an XDR platform to their cybersecurity stack. Contact Samurai and take advantage of our affordable plan to see how XDR helps protect your organizations from cyberattacks.