When the University of Vermont Medical Center took a massive ransomware hit in the middle of Covid-19, people’s lives were on the line. 

One phishing email and the whole network was on the fritz, sending staff scrambling. “Everything was down… We no longer had fax machines. … You couldn’t use email to communicate,” remembers Dr. Stephen Leffler, the system’s president and COO. “That first evening, we actually sent people over to Best Buy to buy walkie-talkies.”

Healthcare organizations were hit hard with ransomware during the pandemic. In some cases, hospitals had to divert ambulances because their emergency rooms were under attack and couldn’t accept new patients. Sometimes the nearest alternative was over 100 miles away. There were delayed lab results, postponed maternity checks, missed outpatient treatments and disrupted chemotherapy. Simply put, a ransomware attack on healthcare puts lives on the line.

 

Why Hackers Target Hospitals

A prime target is one that can’t afford any downtime. This adds organic pressure to pay the ransom, no matter how high, putting healthcare directly in the line of fire. 

  • You can find a stolen SSN or credit card number for $1, while a partial health record can go for $50.
  • In times of international unrest, healthcare is at increasing risk of cyberattack because it is critical national infrastructure.
  • Once a patient’s information is out there, HIPAA laws have been breached. The legally protected nature of the information is a prime reason healthcare organizations have a target on their back – they are more likely to pay to stay compliant.

Healthcare organizations are in a tight spot when it comes to protecting the host of sensitive data that they secure. As the pandemic forced hospitals to rapidly adopt connected IoT devices, medical technology and telehealth care, the associated security challenges started to grow. As their network technology rapidly expanded, attackers took advantage of new opportunities to access the network.

 

An Uptick in Attacks

The healthcare industry saw a 94% increase in ransomware attacks last year. That comes as no surprise, considering the number of healthcare organizations that paid a ransom continues to double year over year.

Of those that paid the ransom, only 2% got their information back. This is made even more tragic as healthcare claims the second-highest recovery costs after an attack, shelling out a whopping $1.85 million per incident and averaging a full week to recover.

When you think about the nature of the information we entrust to our medical professionals, these numbers – though staggering – make sense. Think like an attacker. Encrypting and holding for ransom the sensitive data of a retail company might mean putting people’s credit scores or the company’s bottom line at risk.

Taking a hospital’s data offline – patient data, insurance information, medical history – not only jeopardizes patient privacy but could halt surgeries, tests and upcoming medical procedures, putting lives at risk. It’s no wonder that six in ten healthcare organizations pay the ransom in the event of an attack, the highest rate of any affected industry.

 

Healthcare’s New Cyber Risks

Digital transformation is changing the way we do healthcare. We are seeing a shift to remote and hybrid work, the growth of virtual care and telehealth services, a consequent new focus on digital patient experiences and the ongoing digitization of patient records. The security methods in place can’t keep up. New protections and strategies must be deployed to support the modernization of healthcare.

A recent industry report revealed that 74% of all healthcare data breaches arise from hacking and IT incidents, attributable to understaffed healthcare IT departments, legacy technologies not configured properly for new medical technology, and a lack of interoperability standards. The report identified five major risks to the industry:

  • IoT medical devices
  • Telehealth and mobile health technologies
  • Remote patient access
  • Underequipped IT departments
  • Lack of security training among employees

Poorly secured medical devices are a prevalent security burden to hospitals seeking to provide the online patient access we now expect while guaranteeing the confidentiality that patients need. Adopting digital strategies is great for efficiency and user experience, but a security breach can undermine them bot

 

 

Ways to Improve Healthcare Security

Adopting a zero-trust strategy is necessary to protect personally identifiable information (PII) and stay compliant with HIPAA regulations. That’s why enterprise-grade security solutions are needed as you implement a zero-trust approach. You need to be able to:

  1. Deploy endpoint and malware protection for all devices and users
  2. Automate IT and security tasks to reduce threat risks
  3. Prevent unauthorized access to your network and any networks connected to it
  4. Test incident response plans and conduct regular risk assessments
  5. Leverage your threat intelligence tools to proactively identify, mitigate, and remediate security threats instead of playing reactive defense

Since over 80% of breaches involve some type of credential abuse, access management is a crucial first step to security. A platform like Duo gives you multiple layers of defense for securing your users, devices and applications enterprise-wide. It lets you secure your remote access accounts with MFA solutions so you can support work anywhere.

Paired with Yubico, it gives you hardware-enabled authentication to ensure an extra layer of physical security for sensitive access information. This way, remote attacks like credential stuffing and brute force attempts are stopped at the source.

Once you’ve secured access, you layer your defense in depth with enterprise-wide visibility into your network and end-user activity. Cisco Umbrella gives you API-driven, cloud-based protections like a secure web gateway, cloud-delivered firewall, and the ability to integrate with other solutions.

Acting as a first line of defense, it manages policies, blocks unwanted traffic at the DNS layer, detects anomalies and identifies malicious domains and IPs to detect emerging threats. Then, to pull it all together, Meraki is a fully HIPAA-compliant solution that lets you manage all networks from one cloud-managed dashboard.

 

Don’t want to go it alone? Port53 can help. We work with organizations to implement a security roadmap that fits your budget and desired level of risk. Learn more about how our cloud-delivered security solutions can protect your healthcare organization from emerging threats today.
