Ransomware attacks against hospitals

Ransomware attacks against hospitals are resulting in serious consequences for patients due to the reduced availability of systems and services when hackers encrypt hospital networks. A survey of healthcare organisations showed that ransomware attacks have resulted in patients needing to be kept in hospital longer than necessary, delays in providing test results and performing procedures - and, incredibly disturbingly, an increase in the number of patient deaths. This survey was conducted by The Ponemon Institute think tank and cyber security company Censinet. 

Ransomware is a very corrupting crime for all industries; however it is more impactful on the healthcare system because of the risk to patient care. If a retailer is hit by a cyber attack customers are able to go elsewhere to fulfil their needs that sadly isn’t the case with hospitals. This is one reason why the rise in ransomware attacks on the healthcare system is so lucrative. Threat actors are aware that hospitals are much more likely to pay a ransom demand than potentially endanger patient lives, especially now that the world is barely out of the midst of one of the worst global health crises it's ever faced. 

Over 30% of people who took part in the survey at hospitals affected by ransomware attacks reported an increase in complications for patients following medical procedures and roughly 70% of patients had a longer stay in hospital because of ongoing damage caused by ransomware attacks. One in five of the hospital workers who took part in the survey stated that there was an increase in patient deaths when ransomware attacks hit.  

The healthcare industry is a tempting target for hackers to launch ransomware attacks due to its critical nature. Hospitals budgets are usually stretched pretty thin at the best of times so quite often cyber security is a low priority which can lead to many vulnerabilities in networks and systems not being patched leaving them open to cyber attacks. If healthcare organisations invest in the tools and staff required to help discover and fix vulnerabilities in endpoints and networks, it could go a long way in helping keep hospitals and patients safe from the consequences of cyber attacks.