Dive Brief:
- Ransomware attacks on healthcare organizations compromise significantly more sensitive data compared with attacks on other industries, according to a report released Tuesday by Rubrik Zero Labs, the research arm of a cybersecurity firm.
- Twenty percent of a typical healthcare organization’s sensitive data holdings are impacted — meaning files are encrypted, deleted or taken — in the event of a successful ransomware encryption event, compared with just 6% for an average company.
- Healthcare companies hold an outsized amount of sensitive information relative to other industries, averaging 42 million sensitive data records compared to a global average of 28 million records. The gap between industries is projected to grow as healthcare organizations accumulate sensitive data at a more rapid clip, according to the report.
Dive Insight:
Cyberattacks are a serious threat to healthcare operations, and they’ve become increasingly common over the past five years.
Ransomware, a type of malware that denies users access to their data until a ransom is paid, can have devastating impacts on hospitals, potentially cutting off access to important tools like electronic health records and forcing them to divert patients to other facilities.
The sector is still recovering from the February attack on UnitedHealth-owned technology vendor Change Healthcare. The cyberattack snarled key tasks like billing, eligibility checks, prior authorization requests and prescription fulfillment.
The company chose to pay a ransom, but a large amount of patient data may have been compromised. In a targeted sample of the impacted data, UnitedHealth found files with protected health information or personally identifiable information that could cover “a substantial proportion of people in America.”
Regulators and lawmakers have taken notice of healthcare cybersecurity risks. Early this year, the HHS released voluntary cybersecurity goals for the sector, with plans to seek enforceable standards.
The Biden administration’s budget proposal for 2025 includes funds to boost hospital protections, with eventual penalties if providers don’t adopt the standards.
Witnesses at a House subcommittee hearing on the Change cyberattack earlier this month argued the funds might not be enough to shore up hospital defenses, especially for vulnerable small and rural providers.