Healthcare Ransomware Attacks Have Recently Spiked


Healthcare Cyber SecurityThe average cost of a data breach in the U.S. is $9.44M — twice the global average. And according to the most current Cost of a Data Breach Report, healthcare was hit the hardest for the 12th year in a row, with an increase of 42% since 2020.

While data breaches and cyberattacks are harmful in any industry, healthcare companies can be hit with unprecedented fines if the breach violates HIPAA privacy law. Unfortunately, paying the ransom is often the answer when there is a breach in patient services and private data. According to the Cost of a Data Breach Report, a breach in the healthcare industry now comes with a record-high price tag of $10.10M. *The Cost of a Data Breach Report is compiled with research independently conducted by Ponemon Institute and featuring analysis by IBM Security. It’s among the leading benchmark reports in the security industry.

Scripps Data Breach

Ransomware attacks are becoming more varied, aggressive, and costly. Hospitals are under significant attack as they are caught in the crosshairs. A massive cyberattack in May 2021 cost Scripps Health $112.7 million through June, forcing Scripps to bear most of the burden through lost revenue.

Universal Health Services was hit with a devastating attack in 2020 that took down its IT systems, leading to a network shutdown at 250 hospitals around the country. According to an HHS report, that attack cost the health system $67 million in lost revenue and recovery.

Officials said an attack on the University of Vermont, an academic medical facility, cost $54 million, including rebuilding the computer network and lost revenue.

Tenet recently reported it saw an 11% decline in its hospital revenue in the second quarter of 2022 due in part to a significant cyberattack.

In 2019, a ransomware attack against a hospital locked staff out of their computers, causing them to miss early warning signs that ultimately led to the tragic death of an infant.

Healthcare Cyber Security

Hospitals must take crucial steps to defend themselves against cybercriminals, starting with their employees.

It only takes one employee to open one bad email, but educating staff on basic security hygiene and phishing emails can help hospitals mitigate (or avoid altogether) malware attacks. Educating staff on telltale signs of phishing emails that hide malicious code is a powerful cybersecurity tool.

Strong firewalls and frequent antivirus software updates are also effective ways to defend yourself against cybercriminals. Backing up files is another familiar defensive maneuver. The catch, though, is how cybersecurity measures are implemented.

When a hospital is held hostage

What happens if a hospital or healthcare agency is breached and a ransom demand is made? If paying the ransom isn’t an option, what is?

There are growing calls from health system executives for the government to step in and provide more help and better protection for crucial digital infrastructure.

President Joe Biden signed a law in March that directs critical infrastructure organizations to document specific cyber incidents and ransomware payments to the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency.

Unfortunately, not all healthcare agencies go straight to federal authorities out of  fear of being fined for not safeguarding patient records.

CBE’s cybersecurity posture

For CBE Companies, cybersecurity is an intricate practice. According to Bill Atkins, Director of Information Security, the best way to prevent attacks and secure information is through a multilayered approach to cyber security. Atkins explains that the information security posture of CBE is based on the fundamentals outlined in major national and international security standards, which intertwine staff, processes, and technologies. Their successful cybersecurity approach has several layers of protection stacked on top of the computer, network, software, and data they aim to secure.

Though information security largely falls within the domain of the IT team, the reputational fallout from a cyberattack quickly becomes a business problem. Working with a healthcare expert to handle your revenue cycle management and patient billing means you can rest assured that your patients’ personally identifiable data will not be hacked. Learn how CBE’s security and data protocols protect your organization’s and your patients’ data while providing industry-leading customer care, visit

Healthcare Assessment