Malware & Ransomware Protection

How Ransomware is Affecting the Healthcare Industry

rectangle Written by: Purandar Das rectangle 2 5 min read

Ransomware in the healthcare industry is a matter of life and death. It’s not hyperbole. These attacks cripple infrastructure so thoroughly, they have resulted in patient death. Attacks are so prevalent that the FBI issued a warning explicitly targeting healthcare organizations. This warning is not without cause, as over a third of healthcare organizations were hit by ransomware, and 65% of them had their data encrypted.

Attackers have evolved their attack profiles to squeeze more money out of victims. Instead of simply encrypting systems for ransom, they now include data theft. In the healthcare industry, this is significantly worse as it runs afoul of the Health Insurance Portability and Accountability Act (HIPAA).

Healthcare organizations are not without hope, however. There are ways to shield your organizational data from exposure to cybercriminals and keep it within HIPAA standards. This article will explore the evolution of cybercriminals’ ransomware tactics and what your organization can do to protect itself.


Like the Flu, Ransomware Has Several Strains 

Ransomware was already a profitable enterprise for cybercriminals. The largest ransom paid out to date was $40 million, but greedy attackers wanted more. This evolution is likely due to organizations choosing to restore from backups or simply deciding not to pay, leaving attackers empty-handed. No matter the reason, newer ransomware strains go beyond simple encryption and work to steal customers’ data to demand additional ransom not to disclose it.

Unending Extortion

The latest evolution of ransomware targets sensitive company data to hold for ransom. The malware either locates it or opens backdoors to allow cybercriminals to parse through systems manually. This data, once acquired, is exfiltrated off-site to be ransomed off separately to the organization. Even if the company decides not to pay the ransom to unlock their endpoints, they still have to pay the criminals not to publicly disclose their most sensitive data.

Though this attack does not end with a single extortion demand, the attackers can come back to the organization time and again to request additional ransom to keep quiet. In addition, they can also reach out to patients, employees, and others on whom the business had collected data. They can make demands not to leak their data from the breach, creating a renewable cycle of extortion for the crooks.


Compliance Remains a Challenge

While having your endpoints encrypted is difficult enough for a business, healthcare organizations specifically are at risk. By accessing patient information, it is technically a breach, and HIPAA notification rules come into effect. Depending on the scale of the breach, it could simply be notifying affected individuals but could scale to informing the media.

In addition, after a HIPAA breach, there are also investigations into how the breach happened. Any failures in taking due diligence to protect the data can lead to fines and a corrective action plan. These are mandatory remediation plans that force the implementation of control solutions on timelines outlined by the Office of Civil Rights (OCR). These are expensive as they tie up your resources and force you to purchase and implement solutions quickly, which is always more expensive than planned ones.

You Can Shield Your Data 

Protecting your data from cybercriminals is essential for avoiding extortion attacks from ransomware. Doing this requires a layered approach to how you protect your data. First and foremost is implementing good access control policies and procedures to ensure that the principle of least privilege is applied. This means that individuals only have access to the data that they require to do their job. This limits the impact if an account or endpoint is compromised. Then using robust encryption, the data is rendered unreadable to all but those who should have access.

The Value of Lifecycle Data Encryption 

When talking about data encryption, not any single solution will do. Many legacy solutions still require decrypting the data to read it or work with it. This creates a period where criminals can access the data. Modern solutions keep the data encrypted throughout its lifecycle. This means that even when sensitive data is in a database and queries need to be run against it, the database can complete the queries without decrypting the data.

This kind of data encryption solution requires a holistic platform to manage the encryption. This platform will broker access to the encrypted data and prevent questionable access from taking place. It does this through role-based access to simplify administration and threat monitoring to detect abnormal access behavior. This combined solution can prevent data from being stolen, even when criminals have infected an endpoint or stolen credentials.

An Evolved Solution for Evolved Malware

When choosing solutions to defend your data against evolved ransomware threats, it is crucial to choose one that is also evolved. Not all solutions have the same level of effectiveness. Look for technologies that provide a holistic approach to data protection while still enabling your organization to collaborate. Effective solutions will integrate into your organization, allowing your employees to share data without compromising confidentiality safely.

Sotero has the experience to help your healthcare organization protect its data from ransomware. Using next-generation encryption technology, Sotero enables organizations to keep their data protected and maintain strict compliance standards. Schedule a demo to learn how Sotero can help your business maintain confidentiality while sharing and collaborating.


data protection,

data regulations,

data security,


Subscribe to our Blog

Take a look at a truly encrypted future, with no data left unsecure.

Request a Live Demo.

Schedule a live one-on-one
demo of Sotero.

Book Demo