Ransomware, a growing threat in healthcare

Team Zorg Enablers


Healthcare is digitalising at a rapid pace, but this also brings risks. The increasing independence of digital processes and the availability of data make healthcare increasingly interesting for cyber criminals and hackers. In 2019, the Dutch personal data authority (Nederlandse Autoriteit Persoonsgegevens) received over 900 reports of hacking, malware, and/or phishing incidents, an increase of 25% from 2018, of which 13% came from the healthcare sector[1]. An international analysis of 2,500 cyber attacks across the globe showed a similar picture: 1 in 10 cyber attacks was aimed at a party in the healthcare sector[2].

A common kind of cyber crime the healthcare sector deals with is ransomware, also known as hostage-ware. Hackers encrypt computers and (medical) data, making them inaccessible to care facilities. The encrypted data is only released again after the ransom is paid, often in a cryptocurrency such as Bitcoin. Infection often happens through infected files, such as an e-mail attachment, or through advertisements on the internet that exploit a vulnerability in software that has not been updated.

A survey held among 25 Dutch hospitals in 2017 already indicated that over half of the hospitals had dealt with ransomware in the preceding three years. None of the hospitals turned out to have paid a ransom[3]. The best-known ransomware attack is the global WannaCry cyber attack, which hit, amongst others, multiple hospitals in England and Scotland of the British National Health Service (NHS). Over 70,000 of the NHS's devices, including MRI scanners, computers, and operating theatre devices, were infected. The NHS eventually incurred costs of over £92 million, partly due to 19,000 cancelled appointments[4].

Another example is the ransomware attack on the Park DuValle Community Health Center in Kentucky, US. This hospital was hit twice in a row. In April 2019, cyber criminals encrypted the computers for three weeks, but because a data backup was available, work could be resumed. In June 2019, the organisation was attacked again. This time, there were no backups to fall back on. Employees then had to record patient data on paper, and patients' self-reporting was used[5]. Park DuValle didn't pay the demanded $70,000, but spent almost $1 million to repair the damage[6].

The consequences of a ransomware attack are thus very damaging for the accessibility and quality of care, and can even claim lives. A University Medical Center in Germany was, for instance, no longer able to provide acute care after an attack. Because of this, a patient on the way to the hospital in an ambulance had to be diverted to a different hospital, a delay which presumably contributed to the death of the victim[7].

Besides holding data hostage, data theft is an increasingly important goal of hackers. In care facilities, personal data and medical data are often stored together with financial data. This combined information is very valuable because it can be used for identity theft or bank fraud[8]. Internationally, the number of cyber attacks aimed at obtaining information increases by 22% annually[9]. The most sensational hack in healthcare in the past year happened in the US. In the beginning of May 2020 it was announced that an external collection agency, focussed on the medical field, had been hacked. Personal, financial, and medical data of around 26 million patients was obtained[10]. The hack came to light when 200,000 compromised credit cards were found on the Dark Web. Due to the leak, the collection agency declared bankruptcy.

Recent studies by Budke et al. [11] and Miller et al. [12] thoroughly describe the way in which cyber attacks in healthcare are developing, and how the risk of a cyber attack can be reduced. They conclude that healthcare is falling behind other fields when it comes to cybersecurity. To decrease the risk of a cyber attack, they make several recommendations:

  • Appoint a Chief Information Officer with extensive IT experience, who is ultimately responsible for cyber security;
  • Train your employees in, amongst other things, recognising fake websites, how to deal with phishing e-mails, and the safe use of passwords;
  • Develop and implement a cyber attack protocol, based on risk and impact analyses, amongst other things;
  • Ensure that software is always up-to-date. For example, several months before the WannaCry attack, Microsoft released a security update which repaired the vulnerability the WannaCry ransomware exploited;
  • Implement procedures for direct and regular backup of all critical systems and data;
  • Use specific software that can protect the IT infrastructure against ransomware attacks in real-time.

The battle between cyber criminals and the security of digital systems remains a game of cat and mouse. A recent international survey amongst IT specialists shows that 96% are worried that cyber criminals are surpassing the security of healthcare organisations[2]. With the digitalisation of healthcare, structurally paying more attention to cybersecurity, and creating (financial) room for it, is necessary in order to put a stop to the increasing threat from cyber criminals.


  1. Autoriteit Persoonsgegevens, Meldplicht datalekken: facts & figures. Overzicht feiten en cijfers 2019, 2019
  2. BlackBerry Cylance, 2020 Threat Report, 2020
  3. NOS, Zeker vijftien ziekenhuizen geïnfecteerd met ransomware, 2017 [Available from: https://nos.nl/artikel/2179941-zeker-vijftien-ziekenhuizen-geinfecteerd-met-ransomware.html]
  4. Department of Health and Social Care, Securing cyber resilience in health and care – progress update October 2018, 2018
  5. Maria Clark, The Most Devastating Healthcare Ransomware Attacks in 2019, 2019 [Available from: https://etactics.com/blog/the-most-devastating-healthcare-ransomware-attacks-in-2019]
  6. Paul Bischoff, 172 ransomware attacks on US healthcare organizations since 2016 (costing over $157 million), February 2020 [Available from: https://www.comparitech.com/blog/information-security/ransomware-attacks-hospitals-data]
  7. Z-cert, 8 vragen over ransomware met dodelijke afloop, September 2020 [Available from: https://www.z-cert.nl/publicaties/articles/8-vragen-over-ransomware-met-dodelijke-afloop]
  8. Charlie Osborne, The latest healthcare data breaches in 2019/2020, February 2020 [Available from: https://portswigger.net/daily-swig/the-latest-healthcare-data-breaches]
  9. Abelson, R. & Goldstein, M., Millions of Anthem customers targeted in cyberattack, 2015 [Available from: https://www.nytimes.com/2015/02/05/business/hackers-breached-data-of-millions-insurer-says.html]
  10. Jessica Davis, The 10 biggest healthcare data breaches of 2019 so far, July 2019 [Available from: https://healthitsecurity.com/news/the-10-biggest-healthcare-data-breaches-of-2019-so-far]
  11. Budke, C. A., & Enko, P. J., Physician Practice Cybersecurity Threats: Ransomware. Missouri medicine, 117(2), 102–104, 2020
  12. Miller, A. C., Khan, A. M., & Ziad, S., Ransomware and Academic International Medicine, In Contemporary Developments and Perspectives in International Health Security-Volume 1. IntechOpen, 2020