RIDING THE WAVE: THE SURGE IN HEALTHCARE RANSOMWARE ATTACKS

Among the growing array of cybercrimes, ransomware attacks against the health sector appear to have reached some sort of tipping point. Such attacks have soared in recent months, and March saw a $22 million payout by Change Healthcare, the commercial health-payments processor that was the latest target of a ransomware gang. After that, it seemed, the floodgates opened to a new wave of attacks on a sector central to human life.

A TIDAL WAVE OF THREATS

In the months since that publicised payout, there’s been a rise in ransomware attacks on healthcare entities. April was the busiest month on record, with 44 incidents. It was the worst ransomware wave the cybersecurity company Recorded Future has ever logged, but not just because it was bigger. This wave was also more hostile, targeting hospitals, doctors’ offices, pharmacies and other healthcare entities so as to cast a pall over the workings of public health.

THE LURE OF THE WAVE

For cybercriminals, the attraction of these attacks is obvious: healthcare institutions store critical data, are undeniably essential to life-saving functions, and, if the price paid by Change Healthcare is anything to go by, will yield huge payoffs to those willing to go after them. This is a deliberate and measured wave of ransomware, focused on a weak and valuable target.

VICTIMS CAUGHT IN THE WAVE'S FORCE

Victims include very recognisable organisations such as Ascension (which has directed ambulances to other hospitals and postponed emergency room procedures). The wave has become such a talking point that other ransomware groups are rushing in to exploit it, with groups such as Black Basta and LockBit not shying away from disrupting medical care and asking for large ransoms.

A WAVE OF CONSEQUENCES

The consequences of this wave go deeper than financial loss and operational disruption to an essential service: they threaten the delivery of healthcare altogether and, in the long term, erode the public’s confidence that essential care is available when it’s needed. The wave’s reach across a huge swathe of the healthcare sector – from hospital networks and medical care facilities to pathology labs – exposes disturbingly sophisticated, well-resourced and dogged cybercriminals.

BEFORE THE WAVE: THE RISE IN RANSOMWARE ATTACKS

To be clear, the massive ransomware attacks didn’t just happen. Ransomware – and most importantly, its costs to healthcare – has been growing for years, with more attacks in every month of 2024 than in the year before. This wave – higher, and more virulent, than any previous one – is evidence that we need a much more aggressive and coordinated response.

AFTER THE WAVE: SEEKING SOLUTIONS

After this tsunami, the health sector and cybersecurity professionals face a race against the clock to build defences, safeguard sensitive information and prepare for the next wave. The question that months of my work on the story have come down to is a $22 million one: what can healthcare do to protect itself from a relentless and tenacious enemy, one that is exploiting its weaknesses with determination and malice?

UNDERSTANDING THE WAVE

As with most ransomware trends, though, the wave of healthcare hacks outlines an insidious equation of profit. Who can you coerce the most money from? A hospital, where people’s lives hang in the balance. When these systems are deteriorating, fuel is added to the ransomware fire. Unfortunately, it’s not hard to envision that a future wave of ransomware will be even more destructive.

Such a wave is not a sequential list of individual events but a wake-up call to the healthcare industry and to the organisation of compliance and ethics around the healthcare sector. It is a call for robust cybersecurity, including infrastructure, awareness and readiness, that keeps pace with the changing threat landscape. Since ransomware is enjoying the economics of this wave, the combined efforts of cybersecurity innovators and researchers, law enforcement and the medical sector can help the pendulum swing against ransomware and keep the healthcare sector safe in the years to come.

Jun 13, 2024