
Why is Healthcare Frequently the Target of Ransomware Attacks? Proven Steps to Mitigate Risk 

Every healthcare executive knows that ransomware is a constant threat. But why is the industry such a prominent target for these attacks – and what can you do to curb the threat in 2025? 

This article tackles those questions head-on and provides a complete overview to help healthcare executives:

  • Understand the true state of healthcare ransomware heading into 2025 
  • Identify the factors that make healthcare unusually susceptible to these attacks 
  • Take active steps to protect their patients and organization from this growing threat 

The Rising Wave of Healthcare Ransomware 

Healthcare is consistently ranked among the most common targets for ransomware attacks. In fact, estimates from the end of 2024 suggest it was the most frequently impacted industry – with two-thirds of organizations experiencing an attack.  

Worse still, this upward trajectory in healthcare ransomware runs counter to the general trend. 2024 saw fewer ransomware attacks overall than the previous year: the share of organizations hit across all industries dropped by 7 percentage points. Yet healthcare saw an increase of 7 percentage points. Some research suggests the number of healthcare organizations hit with ransomware has nearly doubled since 2021. 

Experts expect this “rising wave” to continue in 2025, with specific concerns raised about: 

  • AI Adoption: Healthcare organizations will increasingly use generative AI to drive operational efficiency, but these new solutions will create new opportunities for criminals to infiltrate IT systems – especially while employees are still learning to navigate the new technology. Kodiak Solutions lists this as a key concern for 2025. 
  • Political Attacks: With geopolitical tensions rising, 2025 could see an increase in healthcare ransomware attacks from hostile nation states. Experts point to growing cooperation between international criminal and state-aligned groups as a driver of many healthcare ransomware hits, enabling more sophisticated attacks with far greater resources behind them. 

Ultimately, cybersecurity has been cited as the third biggest threat to US healthcare in 2025, with ransomware expected to remain the top challenge for security teams. 

Why Does Ransomware Target Healthcare? 

Healthcare presents a “perfect cocktail” for ransomware attackers: 

1. Low Fault Tolerance 

Healthcare systems are easily disrupted, due to a combination of outdated legacy technology and highly complex, interconnected IT systems. For example, if electronic health record (EHR) data suddenly becomes inaccessible, a whole range of clinical and administrative operations is taken offline with it. Equally, chronic staffing shortages mean healthcare organizations are often slower than companies in other industries to respond to and contain attacks. 

All of this is exacerbated by unusually low cybersecurity budgets; just 6% of the average organization’s IT budget is focused on security. This leaves under-resourced teams desperately trying to piece together policies that will adequately protect against and mitigate ransomware attacks. 

2. Heightened Risk 

Ransomware puts attackers in control of their victim’s fate: how long can you tolerate a lack of access to your IT system?  

Healthcare may have the lowest tolerance for such outages, as patients’ lives depend on returning operations to normal. This makes the cost of a ransomware attack far steeper in healthcare. Research from the University of Minnesota finds that ransomware attacks on hospitals increase the risk of patient death by up to 41%, while one estimate found healthcare organizations lost $77.5 billion to ransomware between 2016 and 2023. 

3. Highly Lucrative 

Healthcare’s low fault tolerance and the heightened risk posed by cyberattacks make healthcare ransomware unusually profitable for criminals. Protected health information (PHI) is already highly valuable, fetching around 10x more on the black market than credit card details. But ransomware attacks aren’t just about selling data – they exploit healthcare leaders’ fear of prolonged downtime. 

Put simply, healthcare leaders are willing to pay attackers more than leaders in other industries. Successful healthcare ransomware attacks are more lucrative than those in any other industry, with the average attack costing the victim $2.2 million. 

How Can Healthcare Organizations Fight Back in 2025? 

Researchers found two primary causes of healthcare ransomware attacks in 2024: 

  • Exploited Vulnerabilities: Gaps in organizations’ cybersecurity that allowed attackers to infiltrate the system. Examples include unpatched software on legacy devices and poorly vetted third-party vendors. 
  • Employee Error: From phishing attacks to stolen credentials, many attacks are the result of employees unwittingly giving attackers access to the system. 

These point to a unifying cause: a lack of cybersecurity awareness within healthcare. While this may seem bleak, it also points us toward clear steps that will have a powerful impact on your security posture – and help keep your system safe in 2025: 

1. Centralize Security Data 

Start by investing more time and resources into cybersecurity visibility. There are two basic steps to this: 

  • Run More Assessments: Create the budget and capacity to run more assessments across all areas of your risk surface, with an emphasis on more robust third-party vendor assessments.  
  • Centralize Risk Data: Eliminate data silos and create a clear centralized view of all your risk data.  

The result will be a unified, detailed view of your entire organization’s vulnerabilities. You will be able to quickly identify gaps and blind spots in your security posture. And given that these gaps are among the most common entry points for ransomware, closing them will substantially reduce your overall risk. 

2. Improve Cybersecurity Training 

Human error is a major cause of ransomware attacks, yet most organizations still deprioritize robust staff training. Even simple measures, such as courses in identifying and reporting phishing attempts, can be the difference between a blocked email and a million-dollar breach triggered by a single click. 

3. Update Offboarding Processes 

Terminated employees and vendors pose an underrecognized risk to healthcare organizations. If these individuals or companies retain access to your systems, their accounts can far more easily be targeted by attackers – or used unlawfully by the former insiders themselves. 

A recent report found that a single former third-party vendor employee had accessed over 1 million patient records from Geisinger – presenting a serious risk to both patients and the organization itself. Improving your offboarding process so that every account, credential and VPN entitlement is revoked as soon as an individual’s employment or a vendor’s contract ends will mitigate this threat. 

4. Enhance Response Protocols 

The steps above will reduce your exposure to ransomware threats, but we have to be realistic: the current statistics suggest an attack is more likely than not. That is why every organization should have robust policies and procedures in place to mitigate the effects of an attack and minimize downtime. 

A few simple examples include out-of-band communication channels that still work when email and internal systems are down, and regularly tested backups kept isolated from the production network so that they cannot be encrypted along with it. But there are a wide range of other factors to consider – and they are all included in our executive checklist. 

With steps to assess your cybersecurity strength at daily, monthly, quarterly, and annual intervals, it functions as the perfect reference guide for cybersecurity leaders – all based on regulations and threats that are specific to healthcare. 

About the Author

Scott Mattila

CSO, Intraprise Health
Scott Mattila is the Chief Security Officer at Intraprise Health. He has held leadership positions at some of the country’s most prestigious institutions, and is currently an adjunct professor and serves on the Dean's advisory board at Duquesne University's Rangos School of Health Science.