Healthcare Information Security

Cybersecurity News

Healthcare Ransomware Leads Other Industries by Large Margin

A recent study found that healthcare ransomware cases are the most common in terms of ransomware attacks, with Cryptowall being the most likely type of attack.

By Elizabeth Snell

As the healthcare industry continues to implement new technologies, there are more options for unauthorized third-party attackers to try and infiltrate networks in order to access sensitive data, such as patient PHI.

Healthcare ransomware detection higher than other industries

However, a recent study shows that healthcare ransomware cases are not only becoming more common, they are drastically outweighing ransomware detections in other industries.

The healthcare sector accounted for 88 percent of all ransomware detection, according to a report from Solutionary.

Education was the second most affected, accounting for 6 percent of detections, while finance accounted for 4 percent.

The Security Engineering Research Team (SERT) Quarterly Threat Report for Q2 2016 also found that the top forms of attacks for Q2 were web application, malware, and application-specific attacks, which combined for approximately 62 percent of all attacks.

"Healthcare has been a target for ransomware campaigns because the industry has often paid ransom to retrieve vital customer data quickly,” Solutionary Security Engineering Research Team Director of Research Rob Kraus explained in a statement. “Furthermore, healthcare organizations use an abundance of systems and devices that are crucial pivot-points for an attacker, and they can even be victims of ransomware themselves."

Solutionary graph of industries detecting ransomware attacks

Kraus added that it’s essential for organizations to ensure they have a “robust backup and recovery process,” as this can help protect customer and company data. Security software should also be current, so it can detect recent variants of ransomware.

The report also found that Cryptowall ransomware attacks accounted for 94 percent of detected cases, also stemming from outbound connections, C2 server check-ins and beacons, depending on the version of CryptoWall.

Solutionary graph of detected ransomware variants

Ransomware distribution via email is a top delivery method, the report’s authors explained, along with compromised websites and exploit kits. With successful infection rates, there is likely no reason for attackers to try and change their delivery method.

Furthermore, healthcare, education, and industries that continue to quickly pay a demanded ransom will likely continue to be top targets.

“IoT disaster recovery plans are simply not created in these environments, so home users will be hit with the attack, and most will resort to paying the ransom or repairing or replacing the devices,” reads the report. “Simply put, attackers will likely continue to focus on victims with diverse, complicated infrastructures who tend to reach the decision to pay the ransom more rapidly.”

Security awareness training, backups, and anti-virus systems are all recommendations that organizations need to implement to work toward preventing and detecting ransomware attacks, add the report’s authors.

“End users should be properly trained on email and web browsing policies. It may also prove beneficial to simulate different attacks, including a phishing email attempt,” the authors explain.   

Backups should be stored off-site and locally, to help ensure a minimal recovery time objective.

Healthcare ransomware prevention and detection methods are essential for covered entities of all sizes. The Department of Health and Human Services (HHS) has also taken note in the increase in reported attacks, and recently published ransomware guidance and how it aligns with HIPAA compliance measures.

“Organizations need to take steps to safeguard their data from ransomware attacks,” Office for Civil Rights Director Jocelyn Samuels wrote in a blog post. “HIPAA covered entities and business associates are required to develop and implement security incident procedures and response and reporting processes that are reasonable and appropriate to respond to malware and other security incidents.”

HHS also discussed the importance of implementing a data backup plan, adding that not only is it required under HIPAA rules, but it will be beneficial in the wake of a ransomware attack.

Image Credit: Solutionary

Dig Deeper:


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks