Ransomware Plagues Healthcare with Disruptive and Potentially Devastating Consequences

By Raphael Reich, Vice President Marketing | November 2, 2020

As cases surge amidst an ongoing pandemic, hospitals face another crisis: ransomware. Dozens of hospitals have been targeted over the past few days and, in September, the RYUK ransomware strain impacted the IT systems of all 250 U.S. Universal Health Services facilities.[1] Employees described chaotic conditions in which medical professionals resorted to pen and paper for record-keeping.

Losing access to medical data and applications in a modern healthcare setting can have severe financial and potentially life-threatening consequences. In June, the University of California, San Francisco paid over $1.14M to attackers.[2] In September, a German woman seeking treatment died after a hospital was forced to reroute her due to a ransomware attack.[3]

Specifically Targeting Healthcare

In late October 2020, the FBI warned that ransomware is “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”[4] The warning, combined with the ongoing attacks, means that healthcare systems must take timely and reasonable precautions to protect their networks.

Most of these recent attacks on healthcare organizations reportedly stem from a series of Russian cybercriminals who hold a list of over 400 potential healthcare targets, according to Hold Security.[5]

Underlying Technology and Methods

During this wave of ransomware attacks, the RYUK strain of malware has emerged as a primary vehicle to target healthcare environments. The initial compromise is generally performed through malware typically distributed via phishing emails. The malware helps establish a covert command and control channel into the compromised network.


"Once breached, organizations are held hostage by cybercriminals who encrypt medical records or other data which are then inaccessible until a ransom is paid, usually via a cryptocurrency. While the average ransom demand is $59,000, the impact and downtime from an attack may cost upwards of $1.4 Million in lost productivity, reputation, and service disruption.[6] It is very difficult for healthcare systems to recover from a ransomware attack, and without adequate recovery systems, many providers could find themselves out-of-service."


Vulnerable, Attractive Targets

The potential impact of ransomware on healthcare organizations is obviously significant given the time-sensitive and life-impacting nature of medical work. And, while the FBI does not advocate paying a ransom, nearly 60% of enterprise ransomware victims pay the criminals.[7] It’s easy to understand why that would be the case in an environment such as healthcare. Hospitals are also an attractive target given they lag behind in security investment relative to other industries.[8]

Risk Extends Well Beyond Phishing

While phishing was the primary conduit for the recent RYUK ransomware attacks, attackers can gain access to healthcare (and other) networks using diverse methods. In general, attackers will use whatever vulnerability or other attack vector they can find that serves as an entry point into the organization. Phishing and malware work, but so does almost any exposed system or vulnerable application. In fact, the Oct 2, 2019 FBI ransomware public service announcement cites software vulnerabilities as one of the top three ransomware attack vectors.[9]

So, to protect against ransomware, organizations need to be able to discover and prioritize the risks associated with all of the IT assets in their attacker-exposed IT ecosystem. This includes cloud assets, systems used for remote access, as well as assets that belong to partners and subsidiaries. Discovering risks has to begin with mapping your attack surface to identify the exposed assets that can potentially lead to a compromise, be it ransomware or other attack and breach forms.

Yes, actions such as investments in perimeter and end-point security are important, but those only address the risks associated with the assets that you already know about. Discovering your attack surface will help you find your unknowns – that is what attackers are looking for as well.


About Raphael Reich, Vice President Marketing

Raphael Reich, Vice President of Marketing, has helped bring innovative, category-defining security products to market for over two decades.
