CHAPTER 1
Healthcare’s Growing Vulnerability in the Ransomware Landscape
As ransomware attacks surge, the healthcare industry has become a prime target, moving from a secondary concern to a critical focus for cybercriminals.
The turning point came with the Change Healthcare incident, a ransomware attack that not only disrupted healthcare operations nationwide but also reshaped the ransomware ecosystem. (More on this pivotal event in the next section.) Let’s look at the statistics and trends surrounding healthcare ransomware incidents to shed light on the factors that make healthcare organizations increasingly vulnerable to these threats.
Healthcare Ranks #3 in Ransomware Incidents
With 374 incidents in the past year, a 32.16% jump in the number of attacks on the industry in 2023, healthcare is among the top targets for ransomware, surpassed only by Manufacturing and Professional Services.
[Figure: Ransomware Attacks Across Industries]
Healthcare’s ethical responsibility to ensure patient care raises the stakes, often compelling healthcare organizations to pay ransoms to avoid life-threatening disruptions. This ethical duty to maintain life-saving operations is a key factor that distinguishes healthcare from other sectors in the ransomware landscape.
A Rising Trend
Ransomware attacks on healthcare have increased both in numbers and as a proportion of total attacks.
[Figure: Rise of Ransomware Victims in Healthcare]
The purple bars represent the number of healthcare victims per quarter, showing a clear upward trend. The green line tracks the percentage of total ransomware attacks that targeted healthcare each quarter. This rise indicates that, compared to other industries, healthcare is becoming a more significant focus for ransomware groups over time.
Healthcare Climbs to 3rd Most Targeted Industry
Healthcare has steadily risen as a top ransomware target, moving from 7th place in Q1 2023 to the 3rd spot by Q4 2023, where it has remained through Q4 2024.
[Figure: Shifts in Top Ransomware Targets]
Manufacturing and Professional and Technical Services consistently hold the top two spots, while healthcare's rise indicates a growing focus on this sector. Finance and Insurance, which once ranked higher, has gradually dropped, moving from 4th to 7th place, but it may be back on attackers’ radar as indicated by the recent upward trend.
Ransomware Groups Focus Disproportionately on Healthcare
Certain ransomware groups disproportionately target healthcare in comparison to the average victim distribution across industries in 2024.
[Figure: Ransomware Groups with Disproportionate Focus on Healthcare]
Everest leads, with 25% of its victims in healthcare. Other notable groups include INC Ransom (21.7%), Monti (20.8%), and Rhysida (18.5%). High-volume groups like INC Ransom and BianLian also have a strong healthcare focus, making them especially dangerous to the sector. Lower on the list, groups like Medusa (9.3%) and Abyss (9.1%) target healthcare less frequently but still contribute to its heightened risk profile.
Broad Range of Healthcare Targets
Ransomware groups are not only attacking large hospitals but also smaller facilities.
[Figure: Healthcare Ransomware Attack Distribution by Subindustry]
Physicians’ offices account for 25% of healthcare ransomware incidents, while general medical hospitals account for 22%. Smaller healthcare providers, including dentists and outpatient centers, are also frequent targets. These organizations may lack robust security infrastructure, making them appealing, low-resistance targets for ransomware groups.
Insights from the HHS OCR Breach Portal
Data from breach notifications submitted to the Office for Civil Rights (OCR) Breach Portal of the Department of Health and Human Services (HHS) – a required process for any breach of unsecured protected health information (PHI) – reveals striking trends in 2024:
[Figure: Healthcare Breach Disclosures to HHS: Year-Over-Year Comparison]
A 27% Increase in Healthcare Ransomware Victims: Compared to 2023, the number of US healthcare entities falling victim to ransomware has surged.
Breach Reports More Than Doubled: Organizations reporting data breaches of any kind to the OCR increased by 110.4%.
Ransomware-Related Breaches Skyrocketed: Among those reported breaches, ransomware-related incidents jumped by 108.9%.
Improved Reporting Practices: In 2023, only 37.4% of healthcare ransomware victims reported breaches to HHS. By 2024, this ratio climbed to 61.6%.