Ransomware Attacks on Healthcare are Essentially Cyber Terrorism


November 29, 2023


US healthcare provider Ardent Health Services is struggling to recover from disruptions to clinical operations in the wake of a November 23 ransomware attack.

“Ardent’s IT team immediately began working to understand the event, safeguard data and regain functionality, taking its network offline, it said. This suspended all user access to its IT applications including corporate servers, Epic software, internet and clinical programs,” Cybersecurity Hub reports.

“Some Ardent hospitals are currently operating on divert, which means they are asking local ambulance services to transport patients in need of emergency care to other area hospitals.”

Takeaway: Ransomware attacks against the healthcare system are increasingly impacting organizations' ability to care for patients, and it's only a matter of time before we start seeing a direct link between ransomware attacks and patient mortality.

There must be a point – and we may have already crossed that threshold – where ransomware attacks on healthcare providers have reached the level of outright cyber terrorism.  

Is this an alarmist position to take? Not in the least. The stakes are extremely high for healthcare, and the disruption to operations from ransomware attacks is already negatively impacting patient care.

A recent study found that 68% of respondents said ransomware attacks resulted in a disruption to patient care, and 43% said data exfiltration during the attack also negatively impacted patient care, with 46% noting increased mortality rates and 38% noting more complications in medical procedures following an attack.

Ardent is just the latest provider to be impacted. One recent report revealed that 539 known ransomware attacks targeting healthcare organizations in the US since 2016 have compromised more than 52 million patient records and cost providers about $80 billion in network downtime losses.

For example, a ransomware attack on Prospect Medical Holdings forced the suspension of services at emergency rooms, cancelled medical procedures, downed billing systems, and caused ambulances to be diverted at multiple healthcare facilities.

Several hospital emergency rooms in New Jersey were forced to divert ambulances following a disruptive ransomware attack, and an attack on SMP Health forced the organization to cease operations and close the St. Margaret’s Health facility.

With lives literally on the line, why is this threat not being taken more seriously?

If a gunman were to enter a healthcare facility and hold patients hostage for a week or more, preventing them from receiving necessary treatment, it would be terrorism.

Yet, when cybercriminal terrorists essentially do the same thing – hold patients hostage by way of healthcare system and data encryption that prevents patient treatment – the attacks are treated like any other business problem in the media.

The simple truth is that legacy security tools were not designed to address the unique threat that ransomware presents, and this is why we keep seeing destructive ransomware attacks circumvent these traditional security solutions.

Ransomware operators will continue to victimize healthcare providers because the sector typically lacks the appropriate budgets and staff to maintain a reasonable security posture.

Criminal ransomware groups know that an attack against a healthcare organization does not just disrupt everyday business; it directly affects the lives of its patients. This puts tremendous pressure on the organization to pay the ransom demand or risk delays in patient care.

Ransomware operators know this and use this urgency as leverage to make ever larger ransom demands. If this does not rise to the level of outright terrorism, what does?

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.