Cybersecurity

Ransomware attacks on health care sector are driving increase in emergency patient care

A rise in attacks on the sector, with Iran at the forefront, causes spillovers to other hospitals, Microsoft said.

October 22, 2024

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

Ambulances lined up outside NYU Langone Health hospital on April 23, 2020 in New York City. Ransomware cases on health care facilities have led to increase in stroke and cardiac arrest cases at hospitals receiving patients from nearby facilities paralyzed by such attacks. (Getty Images)

Ransomware attacks on the health care sector are rising and putting lives at risk, led by Iranian hackers, Microsoft said in a report Tuesday.

The report, which draws on both internal company data and external data, points to a 300% increase in ransomware attacks on the health sector since 2015, and an increase in stroke and cardiac arrest cases at hospitals receiving patients from nearby facilities paralyzed by such attacks.

It all amounts to a dangerous trend from conditions during the height of the COVID-19 pandemic, when some ransomware groups pledged to avoid attacking the health care sector.

“That [pledge has] been shoved off the table, unfortunately, and we are seeing a broader targeting of everything that has to do with health care, from hospital systems to clinics to doctors’ offices — really, anything where patient care can be impacted,” Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, told CyberScoop. “Threat actors know people’s lives are at stake, and therefore the organization is more likely to pay.”

Health care is one of the top 10 most targeted sectors, according to second-quarter 2024 data from Microsoft, and the average payment from a survey of health care organizations was $4.4 million.

Iranian gangs appear to be targeting health care organizations the most, Microsoft data suggests.

A study last year found that ransomware attacks on hospitals cause a spillover effect, where unaffected hospitals see a surge in patients, leading to stroke cases rising by 113% and cardiac arrest cases jumping 81%. Survival rates also dropped from those cardiac arrest cases.

“We know that these types of incidents have impacts on many of the technologies, such as CT scanners or laboratory machines that are used to take care of patients suffering from things like heart attack, stroke or sepsis,” Jeff Tully, co-director and of the University of California San Diego Center for Healthcare Cybersecurity and co-author of that study, told CyberScoop. “And we know that there are delays in our ability to care for these patients during these types of down times.”

Tully said the center was working to develop a ransomware response playbook for health care organizations, while DeGrippo emphasized the importance of building resilience to be able to withstand an attack when it happens.