Why does ransomware look for the healthcare sector?

Ransomware attacks are on the rise across the Eastern region, and the healthcare sector remains a target-rich environment for criminals.


Every healthcare clinic and hospital around the globe remains at risk of being attacked by cybercriminals. And remember: small does not mean safe!


Criminals sometimes target specific organisations, but many attacks are carried out by bots that randomly attack millions of companies continually all over the world until they succeed. And that organisation could just as likely be you, or a chip shop in Manchester or a school in Beijing.


The tantalizing target on healthcare’s back is attributable to outdated IT systems, fewer cybersecurity protocols and IT staff, valuable data, and the pressing need for medical practices and hospitals to pay ransoms quickly to regain data.


And 2021 stats from a US cyber company (Herjavec Group) make for stark reading:

  • Healthcare provider attacks have more than quadrupled since 2017

  • Attacks don’t just steal or encrypt data – they are now targeting internet-enabled medical devices (MRI scanners) and interfering with their productivity

  • It is highly likely that cyber-attacks have resulted in deaths and serious injury of patients

  • 93% of healthcare organisations had suffered a cyber-enabled data breach over the past 3 years. Almost two-thirds had had five or more.

  • Most healthcare providers felt ill-equipped to deal with the threat of cyber-attacks against their organisation

What is ransomware?

Simply put, this is a malicious attack against a network where the criminals get access to data and either steal it, threaten to delete it, or encrypt it. The criminals will then demand a payment for the return of the data.


Imagine how this could affect a hospital – sensitive patient data, financial details for clients, and treatment plans and drug plans for patients could all be compromised or lost.


The reality is that ransomware is now viewed as a business model and many entities behind these attacks will present themselves as being on the same side as the victim.


So, in return for the payment, your organisation will often be supported through a process which will return the data that has been encrypted or stolen. It is worth noting that paying the ransom does not guarantee the return of the data and certainly does not guarantee that it won’t be sold on or published at some point in the future. Also, your network will still be infected, and you are more likely to be targeted again in the future.


The paying of the ransom has moral and ethical undertones that may not be immediately apparent when you are faced with such an attack.

Consider the fact that you may be financially supporting terrorists or criminals by paying the ransom.


Can you protect yourself from these attacks?

Ransomware is always preceded by an attack on the network itself, commonly through a phishing e-mail or brute-force attack. These attacks are increasing in complexity and sophistication, meaning that defence against these dark arts needs continual review. But the key points for protection to remember are:

  1. Look at the free tools and guidance available on the Tools page of the Eastern CRC site (ecrcentre.co.uk).

  2. Make your network resilient and practise good cyber hygiene using Cyber Essentials (CE) principles – in particular, use strong passwords and multi-factor authentication if you can.

  3. Make sure staff awareness training is up to date – spotting a phishing e-mail early will prevent a lot of pain further on down the line.

  4. Make sure all staff know the symptoms of an ongoing ransomware attack and respond quickly to it using a prepared incident response plan.

  5. Identify common points of failure across the network – patch vulnerabilities and restrict access from malicious sites and IP addresses – speak with your MSPs about this and don’t assume that it will be done automatically.


The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation. But all is not lost.


So, what can I do?

Here at the centre, we would advise you to do these things now:

  1. Join our free core membership by clicking through to https://www.ecrcentre.co.uk/core-membership-sign-up. You will be supported through implementing the changes you need to make to protect your organisation, staff, and students.

  2. For all healthcare providers across the Eastern region, we would recommend that you look at improving your overall cyber resilience through the free Little Steps pathway we provide to Cyber Essentials – the basic government-backed kitemark standard for cyber security. https://www.ecrcentre.co.uk/what-is-cyber-essentials. A company operating under Cyber Essentials processes is 99% protected either fully or partially from today’s common cyber-attacks.

  3. Join the centre as a free member and we will take you as far as the CE accreditation process. And if you want to pay for the assessment, we can refer you to one of our Trusted Partners – all regionally based cyber security companies that can help you become accredited.

  4. We would also recommend that you speak to your Managed Service Provider and / or website company to discuss how they can implement cyber resilience measures on your behalf. Many are unaware of the free tools that we promote through the ECRC community.

Whatever you decide to do, doing nothing is no longer an option. So come and join the centre as free members and let us help you protect your organisations from the ever-present threats out there in the cyberverse.

