

February 12, 2014


Your Medical Data Is Not Safe: How Rampant Ransomware is Devastating Hospitals and Disrupting Care

Ransomware attacks on healthcare organizations are becoming alarmingly common, and the scope of the threat is only increasing. Over the past year, two-thirds of healthcare organizations were targeted, up from 60% the previous year, signaling a concerning trend. These attacks are not just costly; they are putting lives at risk by disrupting essential healthcare services, exposing sensitive patient data, and damaging the trust that patients place in their healthcare providers. With ransomware groups increasingly targeting the healthcare sector, the time to act is now.


What is ransomware?

Ransomware is a type of malicious software (also called malware) that encrypts a victim's data, effectively locking them out of their files or systems. The attackers then demand a ransom (usually in cryptocurrency) in exchange for restoring access to the data. Ransomware groups often claim the data will be wiped from their servers if the victim pays, but this is almost always a lie.

Ransomware groups often target healthcare organizations because medical data is highly valuable on the black market for use in identity theft and online scams, but also because the danger to hospital operations is so high that it increases the likelihood the victim organization will pay. While paying the ransom is generally discouraged, some healthcare organizations have opted to do so in order to regain access to critical systems and data that are needed to provide medical care.


The real-life impacts of online ransomware

In addition to the steep price of the ransom itself, which is often in the millions of dollars, healthcare organizations must find a way to restore downed online systems, often at an enormous cost, and pay to improve their security measures against further attacks. Such incidents also result in increased insurance claims, culminating in a heavy financial toll for the business that is eventually passed on to patients.

The impact of ransomware reaches far beyond the financial, though. Operational disruptions are often the first visible consequence. When a hospital or healthcare provider is hit, critical functions such as patient care, diagnosis, and emergency services are delayed or halted entirely. In some cases, patients are diverted to other hospitals, potentially jeopardizing their health outcomes. For example, in October 2024, Artivion Inc., a manufacturer of heart surgery medical devices, suffered a major attack that encrypted their systems and led to significant operational disruptions. Production lines were stalled, and the ability to deliver critical medical devices for patients in need of heart surgery was significantly delayed, affecting patient care and impacting lives.

But one of the most alarming effects of ransomware attacks that often goes overlooked is the exposure of electronic protected health information (ePHI). This data, which includes personal and medical details about patients, is highly valuable on the black market. When cybercriminals steal ePHI, it can lead to identity theft, fraud, and severe damage to patient trust. As healthcare organizations struggle to recover from ransomware attacks, they must also deal with the long-term consequences of compromised patient data.

For example, in October 2024, Boston Children’s Health Physicians (BCHP) was targeted by the ransomware group BianLian, which stole highly sensitive data, including health records and personal information of minors. BCHP, which serves over 300 clinicians, was forced to deal with the fallout from this breach, which included not only a financial and operational toll but also the risk of significant damage to patient trust. Similarly, in July 2024, the Florida Department of Health was hit by the ransomware group RansomHub, which stole 100 GB of sensitive public health data and threatened to release it unless a ransom was paid. These attacks are part of a growing trend that shows no signs of slowing down.


What needs to be done

As the threat of ransomware continues to grow, it is clear that healthcare organizations must take urgent action to strengthen their cybersecurity measures. One of the most significant steps toward improving security is the amendment of the HIPAA Security Rule, with the U.S. Department of Health and Human Services (HHS) proposing changes for 2025. This proposed rulemaking is designed to address vulnerabilities in the healthcare sector by updating standards that govern the confidentiality, integrity, and availability of ePHI.

Key aspects of the proposed revisions include:

  • Adaptation to modern threat models: The updated rule aims to reflect changes in the healthcare environment, including the widespread adoption of digital technologies and the corresponding rise in cyberattacks.
  • Addressing deficiencies: The modifications incorporate lessons learned from investigations into compliance failures, aiming to close common security gaps.
  • Alignment with best practices: The proposals integrate industry-standard cybersecurity guidelines, methodologies, and processes to enhance resilience.
  • Clarification of legal enforcement: The updates account for recent court decisions that impact how the HIPAA Security Rule is interpreted and enforced.

In addition to regulatory updates, healthcare organizations must invest in advanced cybersecurity tools. Tools like the DarkBlue Intelligence Suite play a critical role in detecting, analyzing, and responding to ransomware threats. DarkBlue’s capabilities enable healthcare providers to identify signs of potential ransomware activity early, giving them a crucial window of opportunity to respond before significant damage occurs. In addition to tools, healthcare organizations must also prioritize ongoing education and training for their staff, as human error remains one of the biggest vulnerabilities in cybersecurity.

Finally, addressing the growing ransomware threat requires collaboration. Healthcare providers must work closely with regulators, cybersecurity experts, and industry stakeholders to develop a more robust defense against cybercriminals. Proactive, coordinated efforts can help to prevent ransomware attacks and mitigate the damage when they do occur.


Conclusion

The healthcare sector is under siege by ransomware groups, with attacks disrupting operations, compromising patient data, and putting lives at risk. As these attacks grow more frequent and sophisticated, healthcare organizations must take immediate action to strengthen their cybersecurity defenses. By updating regulations, investing in advanced security tools like DarkBlue, and fostering collaboration across the industry, the healthcare sector can begin to build a more secure environment for both patient data and the care provided. In today’s increasingly digital world, your medical data is simply not safe—unless we act decisively to protect it.
