Healthcare is a growing cyberattack target in the U.S. according to a recent KnowBe4 report. The industry is particularly vulnerable to threats due to the sensitive nature of the data it holds, which includes personal and financial information, as well as medical records.

Cybercriminals target the industry by exposing private medical data and personally identifiable information (PII) on the internet in hopes that healthcare facilities will pay costly ransoms to protect their patients. The exposure of private medical information can have serious consequences for patients, including financial fraud, identity theft and damage to their reputation. Additionally, cyberattacks can disrupt the operations of healthcare facilities, leading to delays in patient care and potentially putting lives at risk.

In the last three years, cyber attacks have immensely escalated, especially as hospitals and healthcare facilities around the country combated the COVID-19 pandemic and its aftermath. In 2020, 92 different ransomware attacks occurred at U.S. healthcare organizations, which affected 600 healthcare facilities and impacted more than 18 million patient records; this is a 470% increase from 2019.

Additionally, 2021 saw a 45% increase in the number of attacks and in 2022, the percentage surged again with attacks rising 50% from 2021. As a result, the healthcare industry is now the top targeted infrastructure sector most affected by ransomware. A contributing factor to this issue is that most healthcare organizations allocate less than six percent of their IT budget for cybersecurity, which prevents employees from attaining the education necessary to identify and report security threats.