No industry is safe from a potential cyberattack, but some are more attractive to criminals than others. The healthcare sector is one of the industries most targeted by cybercriminals, and it has the highest data breach cost of any industry, averaging USD 10.93m.

Why is healthcare such a popular target?

There are several reasons why cybercriminals target healthcare institutions. Firstly, they hold some of the most sensitive data on individuals, which is very valuable to criminals who sell it via the dark web. For example, the value of a health record in the US can be 200x that of a credit card number and 1000x that of a social security number.

Additionally, the healthcare sector is more likely to pay the ransom. When people’s lives are on the line, these organisations want to resolve the problem as quickly as possible, which often means paying out to the criminals. 

Finally, the nature of the technology used by this sector can make it vulnerable to hacking. Healthcare organisations are more reliant on networked devices to provide care (the Internet of Medical Things, IoMT), many of which have poor security, making them easier to breach. Coupled with the reduced funding of public healthcare systems, this means that expensive cybersecurity is often overlooked in favour of more immediate needs relating to patient care.

Ardent Health: A case study

A recent example of a cyberattack that had potentially fatal consequences is that of Ardent Health. Over the US Thanksgiving holiday weekend, emergency rooms in at least three states were shut down when a ransomware attack took a significant number of their computerised services offline. The organisation, which operates 30 hospitals across the US, was forced to redirect patients to other hospitals. Whilst the hospitals were able to safely continue giving care to patients, they rescheduled non-emergency procedures as an extra precaution.

How can healthcare providers protect themselves?  

As with any type of company, it’s crucial that healthcare providers invest in cybersecurity solutions and processes that can help to reduce the chances of ransomware attacks occurring. This should include staff training, as everyone in an organisation is responsible for security, especially given how successful social engineering tactics are in cyberattacks.

It’s also important to have a plan in case an attack happens, to ensure that you can continue running your operations with as little disruption as possible. This includes maintaining secure backups of all data, so that it is still accessible in case the worst happens. Finally, it is not uncommon for criminals to attack during public holidays, as they expect fewer security staff to be on duty. As a result, it’s essential to be prepared for an attack at any time.