How Ransomware is Disrupting Healthcare: Patient Care Under Siege

Ransomware attacks on healthcare organizations have escalated dramatically in recent years, emerging as a critical threat to patient care, operational stability, and data security.

Why Healthcare is Especially Vulnerable to Ransomware Attacks

The healthcare sector, with its sensitive data and often outdated IT infrastructure, has become an increasingly attractive target for cybercriminals. The recent high-profile ransomware attacks on OneBlood, Synnovis, and Octapharma by Russian cybercrime groups further highlight the vulnerabilities within the healthcare supply chain, creating a surge effect that threatens the entire industry and more importantly, the well-being of patients.

Increasing Frequency and Impact

From January 2016 to December 2021, the U.S. healthcare sector experienced 374 ransomware attacks, affecting nearly 42 million patients. The number of attacks more than doubled in this period, with nearly half causing disruptions to healthcare delivery. The trend has continued to worsen, with 46 hospital systems targeted in 2023 alone (up 84% from 2022) — a worrying threat trend. The increasing frequency and severity of these attacks highlight the urgent need for vigilance when it comes to cybersecurity measures.

What are the Operational Disruptions and Life-Threatening Consequences of Health Ransomware Attacks?

Ransomware attacks often result in significant operational disruptions, such as delays in medical procedures, appointment cancellations, and compromised emergency services. These disruptions can have life-threatening consequences, particularly in emergencies where time is of the essence. The recent attacks on OneBlood, Synnovis (UK), and Octapharma did more than just disrupt operations—they directly impacted patient care.

This is starkly illustrated by the British National Health Service (NHS) stating the Synnovis health ransomware attack impacted at least 12 hospital and primary healthcare facilities in East London alone.

"Blood tests are vital for a wide range of treatments, meaning that this attack has caused significant disruption in south east London across a range of different treatments."  
– NHS during the Synnovis attack

As healthcare becomes more digital and connected, the risk of cascading failures within the network increases, making it crucial for organizations to strengthen defenses. Where possible, it could even be advantageous to pool and share knowledge across organizations.

What are the Financial and Data Security Implications for Healthcare Organizations?

The financial implications of ransomware attacks are growing. The average cost of a healthcare data breach is $9.23 million per incident in 2021, growing to $10.1 million in 2022, encompassing not only ransom payments but also the associated costs of downtime, remediation efforts, and regulatory fines.

Healthcare organizations are particularly vulnerable due to the high value of patient data and the sector's often outdated IT infrastructure. The recent attacks on key suppliers like Synnovis and Octapharma reveal a weakness in the connected nature of our health industry — one that cybercriminals are increasingly exploiting.

"We are very aware of the impact and upset this incident is causing to patients, service users and frontline NHS colleagues, and for that I am truly sorry. While progress has been made, there is much yet to do, both on the forensic IT investigation and the technical recovery. We are working as fast as we can and will keep our service users, employees and partners updated.”
- Mark Dollar, CEO, Synnovis

The Need for Comprehensive Risk Management

The recent attacks on healthcare suppliers put a spotlight on the urgent need for the sector to reassess how it manages risk, particularly concerning third-party vendors that provide mission-critical services. The healthcare supply chain is only as strong as its weakest link, and a failure at any point has and will continue to have cascading effects across the entire network.

It's no longer sufficient to focus solely on internal systems—suppliers must be incorporated into risk management and business continuity/disaster recovery (BC/DR) plans. The American Hospital Association (AHA) has emphasized that these incidents should serve as a wake-up call for the entire industry.

Regulatory and Policy Responses

There have been calls for stronger cybersecurity measures and regulatory standards. The Biden administration has proposed budget allocations to enhance hospital protections.

As the healthcare sector continues to face an increasing quantity of sophisticated attacks, robust regulatory and policy responses will be crucial in mitigating the risks and protecting patient care.

How healthcare organizations can combat ransomware

Ransomware attacks often exploit multiple weaknesses, from human error to outdated software. To mitigate as low as reasonably practical we need a multi-layered defense, this makes it significantly harder for ransomware attacks to succeed while making organizations prepared to recover quickly if an attack does occur. Let's take a look at some of the best practices.

• Employee Training: Educate employees on phishing and data risks, focusing on recognizing phishing emails and cybercriminal tactics. AI is going to make these types of attacks harder to spot.
• Vulnerability Assessments: Regularly assess and address security gaps through internal or external evaluations. Often referred to as Penetration tests.
• Multi-Factor Authentication (MFA): Use MFA for email, remote systems, and other access points to prevent unauthorized access. Be aware of social engineering tactics such as MFA Bombing.
• Data Encryption: Encrypt sensitive data at rest and in transit to protect it from unauthorized access. Especially important as we start seeing data exfiltration (data theft) as a common ransom tactic among cybercriminals.
• Regular Data Backups: Maintain and test secure backups regularly to ensure quick recovery in case of an attack. Ensure backups are offsite and immutable. Don't just consider computer systems - platforms such as Microsoft 365 should also have a comprehensive backup in place.
• Incident Response & BC/DR Plans: Develop comprehensive incident response and BC/DR plans to ensure swift action during a ransomware attack and maintain operations with minimal disruption. Know and understand the difference between them and how they work together.
• Secure Baselines: Aligning with configuration baselines and best practices, such as the Center for Internet Security (CIS) Benchmarks, greatly enhances a system's security posture.
• Asset Management: Track and manage connected devices to prevent vulnerabilities from outdated equipment.
• Third-Party Management: Ensure third-party service providers have complete information to protect your systems and data. Put these third parties on your risk register.

Wrapping Up

The increasing frequency, severity, and complexity of ransomware attacks demand immediate action. From reassessing supply chain vulnerabilities to strengthening cybersecurity measures, the industry must adapt to the realities of an interconnected healthcare system.

The next attack is inevitable.

How Can Alcion Help?

Alcion prioritizes security in every aspect of backing up Microsoft 365. Our backup-as-a-service solution offers industry-leading features, all while ensuring your data is securely stored outside the Microsoft ecosystem.

Here are some key features Alcion provides to help mitigate the impacts of a ransomware attack.

• Continuous Backup Verification
• Malware Elimination
• Ransomware Detection
• XDR Integration (e.g., Microsoft 365)
• Backup Delete Protection (Immutability)
• Intelligent Backup Scheduling
• Point-In-Time Restore (PITR)
• Microsoft 365-Optimized Backup Engine

You can try Alcion for free! The trial runs for 14 days, and no credit card is required.