Ransomware and other cyberattacks on health institutions are on the rise. The growing frequency of hospital ransomware means more healthcare administrators are investing in cyberattack insurance policies or updating existing ones.

Ensuring coverage against this severe risk to patient confidentiality and potentially their lives is receiving prime attention. The burning questions remain: why are hospital ransomware attacks more common globally, and what can reduce them?

United Nations (UN) Involvement

The issue has become so concerning that the United Nations Security Council met recently to discuss updated digital privacy and cybersecurity guidelines. Briefing Ambassador Tedros Adhanom Ghebreyesus was straightforward in describing cyberattacks, including ransomware, as “issues of life and death.”

Ghebreyesus, the World Health Organization (WHO) Director-General, also said that ransomware undermines consumer trust in important healthcare systems, which can ultimately lead to patient harm.

According to the UN, over 33% of health institutions were ransomware victims in 2020, with one-third of those paying the ransom. A Statista survey shows ransomware affected 72.7% of worldwide businesses in 2023, up from 62.4% in 2020, indicating a likely upsurge in current figures for hospitals and other health facilities over the past few years.

Ghebreyesus also stressed the need for the Security Council to “use its mandate to strengthen global cybersecurity and ensure accountability” with global cooperation.

What Is Ransomware?

Ransomware is a form of malware that restricts access to a computer system and its data, generally through file encryption. Hackers will only release their devices and data after victims pay a ransom. Since the early days of ransomware, cyberattack technologies have significantly advanced.

Ransomware is not new. It has been around for decades, with the first attack taking place in 1989 when a disgruntled scientist dispersed 20,000 malware-infected floppy disks among attendees at the WHO’s international AIDS conference. The malware program known as AIDS Trojan only kicked in after users activated an infected computer 90 times. At that point, it encrypted file names and displayed a message demanding a $189 ransom for their release.

2017 saw sustained and highly professional ransomware attacks on hospitals worldwide, targeting vulnerabilities in medical devices. The WannaCry strain infected 1,200 diagnostic devices in the United Kingdom alone while restricting access to hundreds of thousands of computers worldwide. The FBI concluded that the North Korean government was directly responsible for the attacks.

Since then, Ryuk, a Russian ransomware gang, and SamSam, from Iran, have sparked a trend in major cyberattacks against health and academic institutions in the Western world. Many appear politically motivated, with several perpetrators stating they would not target Eastern countries in their cyberattacks. With the advent of cryptocurrency, ransomware strains, including CryptoLocker, CryptorBit, and CryptoWall, used the anonymous payment method to receive ransoms without the chance of detection. Crypto made ransomware a more convenient and popular way for cybercriminals to profit.

The upsurge in ransomware has prompted many health organizations to seek insurance covering network security breaches. As more companies join, this insurance industry sector is anticipated to grow by 25% annually over the next few years. Unfortunately, this doesn’t deter hackers, as, in many instances, insurance coverage provides them with more straightforward methods of payment.

Why Are Hospital Ransomware Attacks More Frequent?

Since 2020, at the height of COVID-19, assisted by cryptocurrencies and sophisticated smartphones, ransomware hackers have formed increasing numbers of gangs using the dark web ransomware platform Ransomware-as-a-Service (RaaS). They work together in Big Game Hunting (BGH) scenarios, targeting major hospitals, which they see as easier prey.

Recent advancements in artificial intelligence (AI) promote further sophistication in ransomware methods. Gangs use AI to aid in victim reconnaissance, often by searching the internet for personal employee details used in targeted phishing attacks, which is the starting point for many cybercrimes.

More significant gangs incorporate AI to find weak points and loopholes in AI-generated cybersecurity defense systems. Once inside, advanced ransomware strains, like Russia’s Notya and WannaCry, spread like wildfire using AI-driven automation to propagate throughout infected systems without detection.

Medical devices are still improving their built-in technologies to withstand this propagation, making them easier targets than many better-protected networked computer systems. Hence, medical software and hardware are a primary target for BGH attacks.

Essentially, we, the hospital patients, are the targets, and ransomware gangs identify this, especially with geopolitical forces influencing them. Health care is, by design, centered around those needing treatment. The targeted institutions are playing with patients' lives and must agree to the ransomware demands, as the implications of not doing so are often life-threatening.

Paying ransomware demands can be financially devastating, amounting to billions of dollars in all industries. In essence, though, hospitals are the easiest targets.

What Can Reduce Hospital Ransomware Threats?

In the current geopolitical climate, utilizing further government agencies, law enforcement, and military intelligence resources can combat health ransomware threats. Cyberattacks that threaten healthcare institutions and private citizens should carry the same severe federal penalties as those that occur beyond networks and computerized frameworks.

Hospital administrators should directly promote collaborative efforts, especially the sharing of security technologies related to ransomware defense. As cybercrime continues evolving, more concerted efforts regarding public-private health sector partnerships are essential to protecting every citizen.

Ransomware risk management must become a legal statute in every health institution instead of hospitals only taking action when an event occurs. Vigilance in expert staff hiring and elevated adherence to advanced cybercrime security integration should become integral to all hospital policies.

Understanding the Ransomware Problem

Initiatives like the recent United Nations meeting and future actions are only the beginning. The statistics show that ransomware attacks on hospitals, and in general, are increasing and will continue doing so until there is a greater understanding of their severity and potential consequences.

The UN has highlighted the need for change and progress, but the private sector and all security sectors, government or otherwise, must understand the problem and enforce change to combat it.