Top Healthcare Ransomware Attacks in Recent Years

Top Healthcare Ransomware Attacks in Recent Years

Hackers can sell stolen patient information, which can then be used for future cyber attacks against the healthcare industry.

Healthcare ransomware attacks have become more prevalent in recent years. According to the Office of the Director of National Intelligence (DNI), ransomware attacks against the healthcare industry increased by more than 50 percent in 2023 compared to the previous year.

Why Healthcare Ransomware Attacks Are a Problem

Hackers find healthcare organizations particularly lucrative since they hold valuable patient data. The digitization of healthcare has expanded the attack surface, making it easier for cybercriminals to exploit vulnerabilities. Not to mention, the interconnected medical devices across various locations and the growing shortage of security talent make these organizations more susceptible. 

The volume and value of data in healthcare are immense, making it a prime target. Furthermore, healthcare organizations are often inclined to pay ransoms, usually millions of dollars, due to regulatory pressures and high downtime costs.

One of the biggest concerns is the dark web marketplace for stolen data. Hackers can sell the stolen information, which can then be used for future cyber attacks. This data can be used for social engineering attacks or to hack into other organizations. 

As healthcare data breaches continue to rise in number and cost, it’s essential to understand the damage they can cause. Here’s a look at some of the biggest healthcare ransomware attacks in recent years, highlighting the critical importance of security and compliance fundamentals.

Related: Top 10 Healthcare Companies by 2023 Revenue

1. Medibank

In October 2022, Russian-based hackers, likely linked to the REvil ransomware gang, targeted Medibank. The group stole personal information from 9.7 million customers, including data on 1.8 million international customers and high-profile Australian politicians. 

The stolen data included patient names, dates of birth, social security numbers and medical records. Despite a $10 million ransom demand, Medibank refused to pay, stating that paying would not guarantee data return.

2. Regal Medical Group

In December 2022, Southern California’s Regal Medical Group fell victim to a ransomware attack. The attack targeted 3.3 million patients who were notified in early 2023. The stolen information included names, social security numbers, addresses, dates of birth, diagnoses, treatment details, laboratory test results, prescription data, radiology reports, Medicare ID numbers, health plan member numbers and phone numbers.

3. Community Health Systems

In early 2023, Community Health Systems was targeted by the ClOP ransomware group. The attack exploited the Fortra GoAnywhere MFT zero-day vulnerability, affecting over one million individuals. The organization patched the vulnerability, disconnected access and offered identity theft protection to those impacted.

4. MCNA Dental

In the fall of 2023, US dental insurance company MCNA Dental was attacked by the LockBit ransomware group. The hackers exfiltrated 700 gigabytes of data, including clients’ personal information, over a period of ten days. 

The group demanded a $10 million ransom. When MCNA Dental refused to pay, LockBit published the data on the dark web, compromising the personal information of 8.9 million individuals. This resulted in 11 lawsuits across multiple states.

5. Change Healthcare

In February 2024, the BlackCat/ALPHV ransomware group attacked Change Healthcare, a US health insurance billing firm and UnitedHealth’s technology unit. Change Healthcare, which is responsible for one in three patient records, faced significant disruptions. 

Though unconfirmed, it’s believed Change Healthcare paid a $22 million ransom. The attack caused payment disruptions, billing issues and prescription problems. By mid-March, all operations were restored.

6. Ascension Healthcare

In May 2024, major healthcare nonprofit Ascension experienced a ransomware attack that disrupted its clinical operations. Ascension, which includes 140 hospitals and 40 senior living facilities across 19 states, acted swiftly to minimize the impact on patient care. 

Ascension detected unusual activity on some computer systems and promptly notified the appropriate authorities. Investigations and procedures were initiated to ensure the continuity and safety of patient care. If any sensitive patient data was compromised, Ascension committed to notifying affected individuals.

Healthcare ransomware attacks pose a severe threat due to the value and volume of data these organizations hold. The increasing digitization, interconnected medical devices and security talent shortage exacerbate the problem. 

These attacks demonstrate the critical need for robust security and compliance measures in the healthcare industry. As the frequency and cost of data breaches rise, healthcare organizations must prioritize security to protect sensitive information and maintain operational integrity.

If you want your company to be featured on Xtalks.com, please email [email protected].