A report from Black Kite reveals how certain ransomware groups are targeting healthcare institutions more than other sectors. Research from Black Kite has demonstrated the healthcare is the third-most targeted among ransomware groups, falling behind manufacturing and professional services. 

Within the healthcare industry, certain subsections face greater ransomware incidents. For instance, 25% of healthcare industry targets are physician’s offices, and 22% are general medical hospitals. The report considers the Change Healthcare ransomware incident to be a turning point for ransomware groups, as it revealed vulnerabilities within the conventional group-affiliate structure. This caused the shift toward more affiliate-dominated models. 

The ransomware groups with the highest healthcare organization targets are Everest (25%) and Monti (20.8%). Two high-volume ransomware groups, INC Ransom and BianLian, also show a notable focus on healthcare targets at 21.7% and 15%, respectively. 

Key findings from the report include: 

• Ransom demands among physician’s offices targets range from $30,000 to $10 million, averaging at $2 million.
• Small healthcare organizations (with less than $20 million in revenue) are often targeted because they are limited on resources and thus less protected. 
• Large healthcare organizations (with more than $100 million in revenue) are often targeted because of their ability to pay large ransom demands.