Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementPhysicalTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Clinical treatment of ransomware in healthcare

By Shane Peden, Michael Rezek
healthcare security freepik
June 9, 2021

Healthcare organizations experience constant tension between two priorities: improving patient care, and controlling costs. To find the proper balance and focus on both of these priorities, healthcare organizations have to focus on providing positive experiences, managing resources, and innovating technology.

At the same time, a myriad cyber-related threats plague healthcare organizations, with few of greater concern than ransomware. For a healthcare organization, the ramifications of a cyberattack expand beyond financial harm. Cyber-attacks have the potential to inhibit the organization's ability to provide care. These attacks also have regulatory compliance, and legal impact as they may constitute a breach under HIPAA or result in medical malpractice. This may result in additional audits, fines, and other burdens on the organization.

In 2020, at least 92 US healthcare organizations suffered ransomware attacks, resulting in an average ransom demand of $169,446 and netting cybercriminals an estimated $15.6 million in ransoms demanded from the US healthcare sector.

 

Understanding Why Health Systems Are An Attractive Target for Ransomware

Cybercriminals often focus their attacks on the most vulnerable targets, and unfortunately health systems tend to be high on that list. Since the introduction of the Meaningful Use program by the Center for Medicare & Medicaid Services (CMS) in 2011, the adoption of Electronic Health Record (EHR) solutions by hospitals had increased to more than 94% by 2014. Digital transformation in health systems accelerated even further over the pandemic. However, rapid change sometimes creates conflicting priorities leading to divergent and fragmented technologies within a single health system. This makes it easier for attackers to focus their attention and attacks. Additionally, a lot of healthcare platforms have focused on data portability and interoperability which has meant that security was not necessarily a top priority. All of these factors make healthcare an appealing target, and when you consider that health systems are likely to succumb to ransom-based attacks to protect data, it just encourages the attackers even more.

These issues are further punctuated by a vulnerability profile similar to ransomware victims in other industries, including:

  • Lack of sufficient incident response planning and testing of incident response capabilities
  • Lack of sufficient backups, including the security of backups to ensure the systems managing backup data are not also victim to ransomware
  • Poor network segmentation and logical access management, resulting in the easy spread of malware across IT networks.
  • Poor security patching practices, resulting in systems vulnerable to pre-built, easy to deploy malware that can easily take over the system
  • Insufficient anti-malware and anti-spam solutions, and poor configuration management (e.g., no prevention of MS Office Macros, presence of insecure services or features)
  • Poor perimeter defenses include web filtering and internet access controls
  • Use of legacy and out of support systems and a failure to isolate these on networks where they are a necessity

Finding the Key Points of Entry for Ransomware into Health Systems

Ransomware typically finds its way into healthcare systems one of three ways:

  • Malicious websites that silently initiate an infection (e.g., malvertisement, drive-by downloads)
  • Phishing emails containing malicious attachments which execute malware when opened
  • Phishing emails containing malicious email links to sites containing the malware

Mitigating the Risk of Ransomware Infections

While there is no single solution to secure an organization against ransomware, healthcare providers can implement a combination of tools and best practices to better secure their systems and decrease the likelihood of a successful attack. Leadership teams as well as network managers leading security and technology teams within the healthcare system should be asking (or answering!) these five questions:

1. How are we securing our end users?

User traffic should be filtered through a DNS-based content filter to minimize exposure to malicious domains and websites not appropriate for use at work. A next-generation AV solution should be implemented, and anti-spam/phishing solutions should be integrated into the corporate email solution. Systems should be configured to prevent common types of attacks from taking place (e.g., disable macros in Office files, disable Powershell, prohibit applications from running outside of predefined directories).

2. Do we have an incident response and BCP/DR plan and is it tested regularly?

A plan should be in place to back up critical data and infrastructure. Backups should be separate from all other IT systems. Access to backups should be tightly controlled and encrypted. Live backup testing should be documented to prove that IT can recover all critical systems within a business-defined recovery time objective.

3. Are our IT networks truly segmented?

Separate subnets or virtual LANs are not enough. Traffic flows between networks must be restricted. Malware originating on an end-user system should not be able to navigate to sensitive infrastructure.

4. What is our organization’s security patching cadence?

The easiest way for malware to spread is to identify out-of-patch systems with known vulnerabilities that have out-of-the-box exploits available. In these scenarios, even attacks of low sophistication can be successful. Systems must be kept up to date. If the use of out-of-service, or legacy systems is a necessity, they should be firewalled appropriately to mitigate risk.

5.  How are we training our workforce?

Are users trained on spotting suspicious emails, and not to click on links or open attachments from emails? Are users aware of how to report malicious activity? Are users made aware of acceptable use policies, why they exist, and the ramifications for not adhering to them? Do patients understand what is at risk?

No health system should have to decide between improving patient care or covering the high cost of an unexpected ransomware attack. Examine the health and wellness of your IT infrastructure—just like a patient—to prevent long-term issues down the line.

KEYWORDS: cyber security healthcare incident response ransomware risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Shane Peden is Head of Compliance at Patientco.

Michael Rezek is VP of cybersecurity strategy at Accedian.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • doctor telehealth freepik

    Healthcare’s next emergency: Ransomware follows in the footsteps of the pandemic

    See More
  • Healthcare Data Compliance: Maintaining Integrity, Privacy and Security

    75% Increase in Reports of Ransomware Attacks on Healthcare Entities

    See More
  • Patient in hospital bed

    45% of IT healthcare professionals say ransomware impairs patient care

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing