It’s Terrorism: Ransomware Attacks on Healthcare Break Records


June 12, 2024

World map

Cybersecurity firm Recorded Future noted at least 44 ransomware attacks targeting healthcare organizations in April, more victims from that sector than they have ever previously tracked in a single month.

News of the spike in attacks on healthcare follow the unprecedented attack earlier this year against Change Healthcare that crippled services and impacted as many as one-in-three people in the US and netted the attackers a $22 million dollar payday.

“While most of the health care ransomware victims of the last two months have suffered quietly, a few have experienced life-threatening disruptions on a scale that's difficult to miss. Ascension, a network of 140 hospitals and 40 senior living facilities, was targeted by a ransomware group known as Black Basta and forced to divert ambulances from hospitals in some cases, according to CNN, potentially delaying lifesaving emergency procedures,” Wired reports.

“The notorious hacker group LockBit published 61 gigabytes of data stolen from the Simone Veil hospital in Cannes, France, after it refused to pay a ransom. And earlier this month, pathology firm Synnovis was hit by ransomware, believed to be the work of Russian group Qilin, forcing multiple hospitals in London to delay surgeries and even seek more donations of O-type blood due to the hospitals' inability to match existing blood donations with patients needing transfusions.”

Takeaway: Healthcare has been under assault from ransomware operators for years, but the attacks have not garnered as much attention from the media or the authorities as they deserve.

When a ransomware operator selects a target, of the many things they consider top of mind is always “will they pay a ransom demand?”  

Victims in some sectors are perhaps more likely to pay because the organization cannot withstand the disruption to production, such as with a manufacturer or online retail company.

They need to keep production systems up and running because any disruption means losses are measured by the minute. This is even more true, and much more dire, in the case of healthcare providers.

Ransomware attackers are ruthless criminals who only care about making money at the expense of others. They understand that when they attack a healthcare provider, that entity likely will not be able to deliver medical services in a timely manner.

They understand that the inability to provide care to patients puts the lives of those patients at risk, and they understand that the increased chance that patients could die or become sicker is the kind of pressure needed to force the victim organization to pay a hefty ransom demand and pay it quickly.

These ransomware operators are totally aware that they are putting people’s lives at risk, and they are using the risk of death or further injury as leverage to force payment so they can profit.

Yet we continue to treat these attacks as simple IT downtime issues that are not putting lives at real risk, and we know these attackers enjoy safe harbor in Russia and other adversarial nations who benefit geopolitically from the attacks yet face zero consequences as they enjoy plausible deniability.  

It’s time to designate attacks on healthcare providers as terrorism, and most likely state-sponsored – or at the very least, state encouraged terrorist acts.  

It is unfathomable that we would continue to be under assault daily to this extent where we know lives are being threatened yet treat the attacks as if they are merely financial crimes.

Who is going to stand up and say enough is enough? Who is going to draw a line in the sand and say the next attack is going to result in sanctions, seizure of state funds, and possibly elicit a kinetic response? Who is going to protect us?

Guidelines and frameworks are a nice public relation campaign for the government, but they don’t do anything to protect us from the very real risk to life that we are facing from ransomware attacks.  

Someone please do something. is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.