Why Is the Healthcare Industry the Most Likely To Pay Cybercriminals for Ransomware Attacks?


Times are looking more brutal than ever for one of the world’s most critical industries. Ransomware attacks are skyrocketing, and healthcare organizations are increasingly cut off from much-needed cybersecurity insurance.  

But just how bad is the situation? A recent Sophos survey found that 66% of healthcare organizations were hit with a ransomware attack in 2021, up from 34% in 2020. Perhaps more alarming, healthcare organizations pay the ransom more often than any other sector (just over 60%, compared with a cross-sector average of 46%). So, what’s going on here? Why is healthcare the industry most likely to pay up in ransomware cyber-attacks?

Why Do Cybercriminals Target Healthcare Organizations?

Healthcare organizations are a lucrative target for cybercriminals because medical records are a treasure trove of sensitive information. The Health Insurance Portability and Accountability Act (HIPAA) classifies various patient information, including Social Security Numbers, contact information, credit card information, and more, as protected health information (PHI). And PHI is one of the most valuable types of data out there.  

Beyond PHI’s higher selling price, healthcare organizations are more likely to be targeted with a ransomware cyber-attack because they’re more likely to pay the ransom. But why? 

Holding Someone’s Life in the Balance

Here’s the bottom line. We all understand why paying the ransom is bad; it feeds the hackers and incentivizes them to continue hacking, making the problem worse for all. However, not paying the ransom isn’t so simple in reality.  

In some industries, data provides a competitive advantage, but in healthcare, losing access to critical data and systems can put patients’ lives in danger. In other words, healthcare organizations aren’t blind to the ethical issues with paying ransoms, but getting their services back online quickly is often their top priority. When you consider that the average downtime a company experiences following a ransomware attack is 7-21 days, it’s not hard to see why healthcare companies cave to pressure.

Medical Devices Can Present an Easy Entry Point for Ransomware Attacks

The healthcare security landscape is made increasingly complex by medical devices and the Internet of Medical Things (IoMT). Medical devices like insulin pumps, wearable biosensors, smart thermometers, and other remote patient monitoring technology play an increasingly vital role in the industry. However, these new devices open up worrying new entry points for attackers.

As a relatively new industry, IoT still lacks the kind of strong security guidelines that govern and secure other types of technology. At the same time, security is often not the primary concern in the development of new IoT and IoMT devices. Why? Because manufacturers want to maximize functionality while working with limited compute and hardware, which leaves minimal space for robust security and data protection measures.

More often than not, these devices don’t store patient data themselves. However, attackers can use a compromised device as a foothold to reach other network resources, like a server that does hold sensitive data. Once attackers gain access to the network, they can exfiltrate data or, increasingly, deploy costly ransomware.

Beyond IoMT, other complexities of the healthcare IT environment can leave healthcare companies vulnerable to cyber-attacks. For example, the need for efficient and widespread access to critical patient data across systems means two-factor authentication and zero trust defenses aren’t always feasible. 

An Increase in Ransomware Attacks is Making it Harder to Get Cybersecurity Insurance

Ransomware attacks are on the rise, healthcare IT environments are more complex than ever, and the cybersecurity skills gap puts in-house cybersecurity teams under immense pressure. With this dire picture in mind, healthcare organizations increasingly turn to cyber insurance to protect their vital assets and minimize cyber-attack damage. But there’s a problem – obtaining coverage is becoming more challenging.  

The Sophos report found that 51% of respondents said the level of cybersecurity needed to qualify for cyber coverage is now higher than in the past. At the same time, cyber insurance is becoming increasingly expensive.  

Ransomware attacks are a significant cause of changes we’ve seen in the cyber insurance market in recent years. Ransomware is now the largest driver of cyber insurance claims, and with attacks increasing, ransom payouts have soared. As a result, many cyber insurance providers have found themselves unable to keep up and have left the industry altogether. The ones that remain are changing their limits, coverage, and pricing to manage the increased risk.   

This has led to a seller’s market, where the dwindling number of providers hold all the power. They can charge what they want and be selective about who gets coverage. And unfortunately, many healthcare organizations aren’t meeting the selection criteria.  

Equally concerning is threat actors’ monitoring of organizations’ relationships with cyber insurance companies. According to Reuters, some ransomware attackers check whether potential victims have policies that make them more likely to pay the ransom.

However, the competitiveness of the cyber insurance market does seem to be having some positive effects. For example, over 95% of healthcare respondents said they have made improvements to their cyber defenses to boost their cyber insurance prospects, and nearly half of the covered respondents implemented new security processes and increased staff training.

Despite the concerns surrounding cyber insurance, it’s crucial that healthcare organizations understand that cyber insurance isn’t a band-aid for weak cybersecurity. Instead, healthcare organizations need to deploy robust cybersecurity defenses that enable a speedy recovery from a cyber-attack, including backups and endpoint detection and response solutions.

Wrapping Up

The healthcare industry has had a tough few years with COVID-19, rising staff shortages, increased demand for telehealth, and a constant onslaught of ransomware attacks. If the healthcare industry wants to lose its number one spot as the industry most likely to pay ransoms, it needs to take a more rigorous approach to cybersecurity. The cybercriminals will stop trying (or trying in colossal numbers) when the work becomes too hard and the reward too low. As it stands, healthcare is the low-hanging fruit for cybercriminals in 2022.
