Health care industry experiencing increasing attacks by cybercriminals

Dozens of hospital systems reportedly suffered ransomware attacks last year

The health care industry is contending with increasing attacks by cybercriminals.

Data published by the Cyber Threat Intelligence Integration Center (CTIIC) showed ransomware attacks hit 258 victims in the sector in the U.S. last year. That marked a 128% jump from 2022, when 113 were reported, per the CTIIC.  

Separately, Emsisoft reported in January that when it came to U.S. hospital systems specifically, nearly twice as many experienced ransomware attacks last year compared to the year before that. The number went from 25 in 2022 to 46 hospital systems in 2023.

Hacker computer monitors

The health care industry is facing increased attacks by cybercriminals. (iStock / iStock)

More than 140 hospitals within the hospital systems hit last year felt negative effects from the ransomware incidents, the software company found.

ASCENSION HEALTH, NATION'S LARGEST CATHOLIC HOSPITAL CHAIN, VICTIM OF CYBERATTACK DISRUPTING OPERATIONS

Cybersecurity expert and Berkeley Varitronics Systems CEO Scott Schober told FOX Business in an interview this week that the increase in cyberattacks that the health care industry has been seeing is linked to the value of personal information that can potentially be stolen from them. 

"If you look at the personal information in any data breach that’s taken, there’s a certain value to it," he explained. "If it’s a small business, and you get a bunch of credit cards or Social Security numbers, there’s a value, but there’s so many billions of records that have been compromised, it kind of waters down the value. That being said, contrast that with the health care sector. That personal information is very rich, it’s very valuable."

Schober said cybercriminals can use personal information from stolen medical records to commit medical fraud and identity theft or sell it for significantly more than, say, a credit card number.

Some sort of information was obtained in the ransomware attacks for more than two-thirds of the 46 U.S. hospital systems hit by them last year, according to Emsisoft’s report.

Person being sneaky behind computer

The health care industry is facing increased attacks by cybercriminals. (Annette Riedl/picture alliance via Getty Images / Getty Images)

Cybercriminals may also have more leverage to obtain a ransom from hospitals or other health care entities because disruptions caused by cyberattacks could put people’s lives on the line and disrupt important medical services, according to the Berkeley Varitronics Systems CEO.

There have been instances of outages arising from ransomware attacks on health care facilities, leading to postponements of medical procedures, ambulance diversions to other hospitals, difficulty accessing records and other disruptions.

CLICK HERE TO READ MORE ON FOX BUSINESS

Schober also told FOX Business some hackers have implemented a "one-two punch" into their ransomware attacks in recent years, such as when they "exfiltrate" and copy data for potential before encrypting it to seek a ransom.

There have been ransomware attacks on hospitals and other entities in the health care sector this year as well. Some of the most notable have included Ascension Health and UnitedHealth’s Change Healthcare unit.

HOW THE TARGET, UBER CYBERATTACKS FROM YEARS AGO SHAPED PUBLIC PERCEPTION OF CYBERSECURITY TODAY

Some hospitals are "proactive" about shoring up their cybersecurity defenses "so they don’t get victimized" in the first place, according to Schober. However, he said that in many cases, it happens after they suffer an attack.

The health care industry is facing increased attacks by cybercriminals. (iStock / iStock)

"I know they’re trying to implement across the board throughout a lot of hospitals is awareness, education, so they can improve their cyberposture because doing just that alone will minimize" the risk of a system compromise, he said, mentioning other methods like multifactor authentication and limited remote access as well.

UNITEDHEALTH CEO DETAILS CYBERATTACK ROOT, WORKING 24/7 TO ‘FIX THIS’

The threat of cyberincidents as a whole weighs on businesses beyond those in health care, too.

A report released in January by Allianz Commercial identified cyberincidents as 2024’s "top business risk" based on a survey of over 3,000 businesses in various sectors, industry trade organizations, risk management professionals and others. Of the respondents, more than one-third – 36% – said cyberincidents posed the biggest threat.

It topped other risks like business interruptions, natural catastrophes and regulatory changes.