With Seasonal Illnesses on the Rise, Healthcare Organizations Must Also Prepare for an Increase in Ransomware

Updated on December 27, 2023

As we approach the new year, the healthcare industry continues to find itself targeted by cybercriminals, due to both the sensitivity of the data being collected and the criticality of these services to society. The winter season already brings heightened health concerns associated with peak cold and flu season. Cybercriminals understand the importance of any operational disruption in healthcare, especially during this season, and the consequences of any disruption for patient safety. The heavy reliance on technology and data makes the industry a prime target for cyber extortion and ransomware. No need could be more pressing than the need to restore critical patient records or recover life-support systems.

According to the 2023 Verizon Data Breach Investigations Report, medical data currently constitutes less than 10% of breached data. However, this figure is expected to surge as cybercriminals exploit the sector’s importance to society and the sensitive nature of medical data. In fact, Symmetry Systems predicts that, unfortunately, by the end of 2024, the percentage of data breaches that involve some form of medical data will increase dramatically as cybercriminals target healthcare institutions for double extortion ransomware. They will use the industry’s confidential, incredibly sensitive and sometimes even embarrassing medical information to apply pressure for extortion payments.

When it comes to the healthcare industry, there is much more to protect than just data – patients’ safety and lives are potentially at risk. Because of this, paying a ransom may seem like the best decision to minimize the medical risks and potential losses associated with ransomware, especially during this heightened period. It is important that healthcare organizations proactively prepare to prevent these attacks from occurring in the first place.

Common Data Security Challenges for Healthcare Organizations

One of the many challenges that hospitals and doctors’ offices face is that, to protect human lives, patient information must often be shared with countless other medical providers. Smaller organizations, however, don’t have the security capabilities to adequately protect this data from unauthorized access or monitor suspicious activity. Historically, these healthcare organizations have no idea where the data is stored, and for the most part, they lack capabilities to enforce better authentication before giving access to medical records. As a result, they have no visibility of this information, and limited ability to control data access. In an industry driven by trust to do the right thing, zero trust is hard to implement.

Unfortunately, this presents an opportunity for ransomware gangs, who are increasingly using compromised user accounts to perpetrate ransomware attacks. In fact, the 2022 Microsoft Digital Defense Report indicates that 75% of human-operated (i.e. not malware) ransomware attacks involved use of compromised user accounts.

The challenge that healthcare organizations are staring into with this form of ransomware is scale. The sheer volume of, and exponential growth in, protected health information (PHI) and other sensitive information being collected and stored is made harder to manage by the number of users who potentially require access at certain times. Managing this scale and complexity is not only a matter of ensuring access is restricted to authenticated users, but also of ensuring that the access is appropriate, or at least approved, for the time period. Organizations need better ways to manage, govern and secure access to PHI at scale. They need to find better ways to obtain data visibility and observability in order to become more resilient to ransom attacks.

Take a Proactive Approach

As the winter carries on, and healthcare facilities experience increased patient volumes due to seasonal illnesses, it is vital that they take a proactive approach to protecting their patients’ data. There are compliance and regulatory practices in place, such as HIPAA, which mandate some measures to secure protected health information (PHI). However, to ensure patient safety and prevent ransom attacks, healthcare organizations must be proactive in implementing additional data security measures and strategies, rather than just focusing on meeting these regulatory requirements.

Healthcare organizations require visibility and observability of where PHI is stored, who can access it, and what they are doing with it, as well as the ability to monitor for credential compromise and unusual access attempts and activity. In order to do this, healthcare organizations should maintain an updated data inventory, tracking all data assets and their locations. Ideally, they should be able to easily identify who has access to that data. They should conduct regular data security assessments to identify and address any exposed data, with a focus on remedying high-risk exposures, securing any publicly exposed data stores, and implementing strict access controls. Additionally, they should enforce Multi-Factor Authentication (MFA) across all user accounts, and periodically review and revoke long-standing access tokens, to help mitigate the impact of potential security breaches.

While this may seem like a lot to follow, these proactive steps are increasingly simple to implement using modern data security posture management solutions. They are key to keeping healthcare organizations safe from ransom attacks. As cybercriminals, unfortunately, continue to target the healthcare industry throughout the new year, organizations can utilize these simple steps to proactively prepare and minimize their risk.  


As healthcare facilities prepare for the increase in patients due to seasonal illnesses, they must also prepare for an increase in ransom attacks. If these organizations understand the challenges they may face and take the steps to proactively protect their confidential medical data, they can keep their patients safe throughout this winter season and beyond.

Claude Mandy

Claude Mandy is Chief Evangelist for Data Security at Symmetry Systems, where he focuses on innovation, industry engagement and leads efforts to evolve how modern data security is viewed and used in the industry. Prior to Symmetry, he spent 3 years at Gartner as a senior director, analyst covering a variety of topics across security, risk management and privacy, focusing primarily on what are the building blocks of successful programs, including strategy, governance, staffing/talent management and organizational design and communication. He brings firsthand experience of building information security, risk management and privacy advisory programs with global scope. Prior to joining Gartner, Mr. Mandy was the global Chief Information Security Officer at QBE Insurance - one of the world's top 20 general insurance and reinsurance companies with operations in all the key insurance markets, where he was responsible for building and transforming QBE's information security function globally. Prior to QBE, Claude held a number of senior risk and security leadership roles at the Commonwealth Bank of Australia, Australia's leading provider of integrated financial services which is widely recognized for its technology leadership and banking innovation. He also spent five years at KPMG in Namibia and South Africa.