Ransomware in Health Care: 5 Tips to Avoid Being a Victim

Every person, from the newest employee to the CEO, can either strengthen or weaken an organization’s security posture. For this reason, healthcare companies need to help their employees take precautions against the latest ransomware scams; otherwise, their organization may be the next ransomware victim.

One of the main reasons health care has become such fertile ground for ransomware hacks is the shift to digitalized personal healthcare records in a rapid time frame. Less than 10 years ago, most physicians updated patient records manually and stored them in color-coded file systems. By the end of 2017, industry data suggests that approximately 90 percent of office-based physicians had moved to electronic systems—electronic health records (EHR) or electronic medical records (EMR)—for the storage, retrieval and management of electronic health data. Virtually all of these systems are online and internet accessible. EHR/EMR really made the healthcare industry a perfect target for ransomware attempts.

But, the cost of a ransomware attack goes far beyond any extortion payment. When considering the associated costs including downtime, lost revenue, angry patients or customers, attack mitigation and recovery expenses, brand reputation damage and non-compliance fines, in retrospect the cost of the ransom itself may seem trivial.

When the UK National Health Service (NHS) was impacted by the global WannaCry outbreak of 2017, hundreds of NHS facilities were brought to a standstill for several days, resulting in the cancellation of thousands of appointments and operations as well as the urgent relocation of patients from impacted emergency centers. In April 2017, Erie County Medical Center lost access to 6,000 computers due to a ransomware attack, which resulted in six weeks of manual operations and a recovery process that ultimately cost the medical center $10 million.

Unfortunately, security technologies can do only so much to protect your organization against an attack. Ransomware typically spreads through phishing emails or by visiting an infected website. Even the most advanced antivirus and anti-ransomware solutions can’t stop Fully UnDetectable (FUD) threats that were conceived by cybercriminals to directly evade existing security layers and harm data. In fact, the majority of ransomware victims have some traditional antivirus and anti-malware protection in place and yet still fall prey to attacks.

Even if your organizations has backups, you may be surprised to find that you are still vulnerable. Today, many criminals do reconnaissance on their victim’s network and compromise backups before deploying the encrypting malware to increase the odds that the organization will pay the ransom.

But paying the ransom doesn’t always work out either. study by the CyberEdge Group shows that of the 39 percent of ransomware victims who have paid, less than half recover their data. It also leaves the victimized organization vulnerable to another attack. If the root cause of the breach is not corrected, another day can bring another ransom request.

Ultimately, it is up to your organizational leaders to decide whether to pay or not. Healthcare organizations are a favorite target of cybercriminals because they are more likely to pay up when computer downtime can introduce life-or-death consequences. Regardless of your position on paying cybercriminals a ransom, the best strategy is to avoid being placed in a compromised position in the first place. But how?

Obviously, all healthcare organizations want to avoid being a ransomware victim, but cybersecurity is a complex problem that requires multiple layers of defenses. Small- to medium-sized healthcare organizations are particularly vulnerable, since many believe they don’t have adequate financial or technical resources to defend themselves against the onslaught attacks.

Industry experts estimate that a company with 50 employees may have to spend upward of $50,000 to deploy sophisticated endpoint technologies such as antivirus, anti-malware software and firewalls to keep intruders out and then thousands of dollars each year to keep everything up to date. Even when making this investment in security, it doesn’t guarantee a breach won’t happen. Just one wrong click by an employee is all it takes.

5 Ransomware Prevention Tips

In the face of this rapidly growing threat, healthcare organizations should take concrete steps to deploy the technologies needed to protect systems from ransomware attacks. But employees need to be educated on how ransomware is distributed and taught how to be cautious when clicking on online advertisements or email links, visiting a new website and opening attachments from unfamiliar or suspicious senders.

To avoid ransomware threats whether at home or on the job, all computer users should follow these security best practices:

  1. Always have a trusted antivirus or anti-malware software installed on every single computer and mobile device used at work and home.
  2. Choose strong and unique passwords for all work and personal accounts including mobile devices and wireless connections. Then keep them safe with a password management tool.
  3. Regularly backup files to an external hard drive that is not connected to the internet.
  4. Never open suspicious email attachments or links.
  5. Use Mirror Shielding technology as a fail-safe data protection measure, just in case things go wrong.

Other helpful hints include making sure employees know that they should immediately disconnect from the internet to avoid any additional infections or data losses if they receive a ransomware popup or message alerting them to an infection. Additionally, targeted individuals and organizations should alert local law enforcement personnel and file a complaint at www.IC3.gov.


Many malicious attacks can be stopped by endpoint security products and advanced threat protection solutions, but creative scammers keep finding ways to get past these defenses. If a company’s security program does not address these new methods of attack, and its employees are not empowered to defend themselves, the company will be more likely to fall for a scam or engage in actions that threaten the security of data and network integrity.

A 2017 survey from Wombat Security Technologies revealed that 30 percent of employees don’t know what phishing is. Additionally, ransomware is an unknown concept to nearly two-thirds of workers. If an organization is dependent on computer systems to serve patients or simply generate revenue, these statistics should serve as a wake-up call.

It may seem like an uphill battle, but if the healthcare industry is willing to make the investment in the right tools and training, employees can help defend against growing ransomware attacks and other sneaky methods used to scam healthcare organizations out of cash and valuable data.

Marcus Chung

Avatar photo

Marcus Chung

Marcus Chung, CEO at BoldCloud, has a cybersecurity career that spans over 20+ years, Marcus held key roles at Sygate and was instrumental in the company’s acquisition by Symantec. As a founding member of Malwarebytes, he helped grow the company to over 200 employees. Marcus was just voted “Best Security Consultant” by the 2020 Infosecurity Products Guide Awards and is a Board Member of tech innovator VSEKUR.

marcus-chung has 5 posts and counting.See all posts by marcus-chung