Cyber attacks on healthcare organizations are surging – here's why

Cyber security concept image showing a digitized padlock resting on an illuminated circuit board.
(Image credit: Getty Images)

Healthcare organizations around the world are facing a barrage of cyber attacks, causing widespread disruption to medical services and clogging up patient waiting lists.

Research from cyber security training firm KnowBe4 reveals the industry has uncovered a dramatic surge in both the frequency of attacks, and the costs they incur.

The report showed the global healthcare sector was targeted with 1,613 attacks per week in the first three quarters of 2023, nearly four times the global average.

The investigation cited IBM’s 2023 Cost of a Data Breach report, which found the average cost of a breach reached almost $11 million, more than three times the global average in the last three years, making healthcare the costliest sector for cyber attacks

But the financial component calculated by IBM doesn’t take into account the human cost associated with the disruption such breaches cause.

For example, NHS England was forced to cancel thousands of procedures and outpatient appointments following the Qilin attack on the blood testing company Synnovis on 3 June. 

Commenting on the incident, Darren Guccione, CEO and cofounder at Keeper Security, noted the human costs associated with such attacks is only getting worse due to the lengthy disruption caused by these incidents.

“The recent attack on London hospitals, which has led to the cancellation of operations and disruptions in essential services such as blood transfusions and test results, highlights the critical need to prioritize robust cybersecurity measures in the healthcare sector.” he explained.

Across the Atlantic, the situation has been much the same, with US healthcare organizations also facing a barrage of attacks in recent years. 

Andrew Witty, CEO of UnitedHealth Group, said the cyber attack on its subsidiary Change Healthcare in February 2024 could have impacted one-in-three US citizens, when asked to give a rough estimate of its fallout by the US Government.

North America still a top target for hackers, and it's healthcare industry is no exception

The IBM X-Force Threat Intelligence Index 2024 found that half of all cyber security intrusions reported in 2024 affected institutions in North America, with organizations in the US making up the lion’s share of attacks..

Healthcare was the third-most targeted sector, according to IBM’s research, accounting for 15% of all incidents.

Statistics from the US Department of Health and Public Health lists there being over 630 ransomware incidents against healthcare organizations in 2023, and more than 460 of these (73%) were targeting the US healthcare sector.

This concerning spike in attacks on the industry prompted the department to develop new rules for hospitals to bolster their cyber resilience, as well as considering tethering new security requirements to Federal funding packages.

Healthcare organizations are chronically underprepared

Despite a slew of high-profile breaches and rising threats against the healthcare sector, research also shows that the industry is failing to bolster its capabilities, which is a point of serious concern for security agencies on both sides of the Atlantic.

The European Union’s Agency for Cybersecurity (ENISA), for example, conducted an analysis of the health sector threat landscape and found EU providers made up 53% of the total incidents.

Hospitals were the single-most targeted institutions in the report, accounting for 42% of all attacks, while health authorities, bodies and agencies constituted 14% and the pharmaceutical industry notched 9%. 

The security agency identified ransomware as the primary threat facing the healthcare industry, both in terms of number of incidents as well as the impact they had on the target organization, with operational disruptions being the most common effects of the attacks.

Despite this, however, the report noted 27% of healthcare organizations still did not have a dedicated ransomware defense program.

Healthcare sector is a veritable goldmine for hackers

Guccione noted the sheer amount of data these organizations have to manage makes them lucrative marks for nefarious actors.

“Healthcare providers manage vast amounts of sensitive personal and health information, placing organizations in the industry under significant risk from both internal and external threat actors.”

Not only is there a lot of it, but healthcare data is some of the most sensitive information that exists, making it incredibly valuable to those who are looking to extort victims.

Graeme Stewart, head of public sector at Check Point Software, echoed this sentiment, adding that these institutions are particularly attractive to hackers 

“Healthcare and public sector organizations are particularly attractive to cyber criminals due to the high value of the data they hold… Therefore, it is crucial for organizations like the NHS to stay vigilant and proactive in their cyber security measures to protect against such attacks.”

Speaking to ITPro, Deryck Mitchelson, head of global CISO and C-suite advisor at Check Point Software, said the value of healthcare data dwarfs that of its financial services counterparts, noting that medical information is far harder to wipe than one's bank details.

“The cost of medical data on the black market is about five and ten times the cost of a financial record… It’s fairly easy nowadays to digitally and very quickly close down bank accounts, credit cards - you can do it from your phone… and that tends to be why the value of that data is much less, you can do less with it now.” he detailed.

“Whereas medical data is the most personal, intimate, confidential type of data that you’ve got, and of course it's your history - it’s fact. It’s the most sensitive data that we need to protect and that’s why it tends to be very much sought after.”

Solomon Klappholz
Staff Writer

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.