Alex - stock.adobe.com
Healthcare ranks as third-most targeted ransomware victim
Research shows that healthcare is now the third-most targeted ransomware victim, and attacks against physician practices as well as hospitals are on the rise.
Healthcare is the third-most targeted ransomware victim in the cyberthreat landscape, with incidents surging by over 32% from 2023 to 2024, according to research from Black Kite. Healthcare moved from seventh place in the first quarter of 2023 to third place in the fourth quarter of 2024, the company's data showed. The healthcare sector now follows only the manufacturing and professional services industries in terms of the greatest number of incidents.
What's more, Black Kite found that physician practices accounted for 25% of the healthcare ransomware incidents it tracked in 2024, while general hospitals accounted for 22%. Smaller providers, such as outpatient centers and dental practices, are not immune to ransomware either and might be appealing targets for cyberthreat actors if they do not have strong security programs.
Black Kite noted that the unique combination of increasingly aggressive ransomware groups and affiliates, resource-constrained healthcare organizations, and the potential effect of a ransomware attack on patient care make healthcare a prime target.
Who is targeting healthcare?
Black Kite's observed uptick in healthcare ransomware attacks is bolstered by data from the HHS Office for Civil Rights data breach portal, which shows a 27% increase in healthcare ransomware victims from 2023 to 2024. The report noted that the increase in breach disclosures could be partly due to improved reporting practices.
While the increase in attacks is notable in itself, trends within the ransomware ecosystem speak to how cyberthreat actors might perpetrate cyberattacks in the future.
Researchers found that select ransomware groups favor healthcare targets far more than those in other industries. For example, 25% of Everest's 2024 victims were in healthcare. Other groups like INC ransomware, BianLian and Rhysida have a reputation for targeting healthcare and collectively contribute to the rising threats against the sector.
The complex ransomware ecosystem is made of big groups and smaller affiliate players, all of which can play a role in targeting healthcare and other sectors.
Affiliates are independent cyberthreat actors who team up with ransomware groups to carry out an attack in exchange for a piece of the ransom.
As affiliates compete against one another, they drive the frequency and severity of attacks up. Black Kite researchers suggested that the affiliate-driven market has changed the threat landscape in the past year.
"The ransomware attack on Change Healthcare in February 2024 marked a pivotal moment in the shift to the affiliate-centric model. A failed payment to an affiliate led to widespread distrust in the ransomware groups they work for," the report stated.
"The ripple effects from this event continue to influence the ransomware ecosystem. It prompted affiliates to reevaluate their partnerships and seek arrangements that prioritized their interests, giving affiliates unprecedented bargaining power and fundamentally altering the way ransomware operations were structured."
The shifting power dynamic among affiliates and ransomware groups is not the only major shift in the ransomware ecosystem in recent years. Researchers have also observed the cyberthreat landscape shifting from a lengthy negotiation process to a one-time demand, and from a code of conduct to an open targeting of critical infrastructure.
As the cyberthreat landscape evolves, the scope and scale of ransomware attacks will continue to evolve.
Preventing ransomware attacks as a healthcare organization requires a proactive approach rather than a reactive one. Continuously monitoring critical systems, addressing known vulnerabilities and having a solid risk management plan can help healthcare organizations thwart ransomware attacks.
Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.
