# Most Healthcare Providers Remain Highly Vulnerable To Ransomware Attacks

A recent report by cybersecurity firm Claroty has revealed that nearly 90% of healthcare organizations are insecurely connected to the internet and running systems vulnerable to exploitation by ransomware gangs. The alarming findings, which were based on data from over 350 healthcare organizations, have significant implications for patient care and the overall financial stability of these institutions.

The report found that a staggering 78% of healthcare organizations have made ransomware payments of $500,000 or more, highlighting the devastating economic impact of these attacks. According to Ty Greenhalgh, industry principal of healthcare at Claroty, the inability to provide patient care is one of the primary costs associated with healthcare cybersecurity incidents. "When systems are locked down by ransomware or disrupted by cyberattacks, hospitals may be forced to divert patients, cancel procedures or revert to manual operations," he explained. "This not only impacts revenue but also poses serious risks to patient safety."

The financial burden of ransomware attacks on healthcare organizations extends far beyond the initial payment. Greenhalgh pointed out that costs can add up quickly due to factors such as regulatory fines, class action lawsuits, and the provision of identity protection services for affected patients. For instance, a breach affecting 2 million patients could result in a $300,000 cost just for mailing notifications, which would combine with forensic investigations, system recovery, lost revenue, and reputational damage to reach millions or even billions of dollars.

The riskiest exposure facing healthcare organizations right now is internet-facing devices that have known exploitable vulnerabilities (KEVs) linked to ransomware attacks in the wild. KEVs refer to security flaws that have been actively exploited by cybercriminals, posing an immediate risk to systems and requiring urgent remediation. According to Greenhalgh, these devices are "actively communicating outside the health system, have been compromised in attacks against other organizations, and remain a prime target for cybercriminals."

The traditional cybersecurity tools and processes used by healthcare providers are not addressing these vulnerabilities adequately, according to Greenhalgh. "Healthcare organizations often struggle to stay on top of cybersecurity best practices because of how quickly the threat landscape is evolving and how complex their operating environments are," he stated. Historically, humans were the weakest link in cybersecurity, with phishing and social engineering being the primary entry points for attackers. However, since 2024, hands-on-keyboard system exploitation has surged, making direct system hacking just as prevalent.

Cybercriminals won't stop targeting healthcare providers, so it's essential to focus on raising barriers to lateral movement and privilege escalation, which are key steps in ransomware attacks. These steps enable attackers to spread across a network, gain higher-level access, and maximize damage by encrypting an organization's critical systems and data. However, healthcare providers have a very tall task in front of them when it comes to elevating risk barriers. "This requires strong cybersecurity basics, including device identification, communication mapping, network segmentation and vulnerability management — all of which are difficult to achieve," Greenhalgh declared.

In conclusion, the alarming findings from Claroty's report highlight the urgent need for healthcare organizations to address their internet-facing devices' vulnerabilities and improve their cybersecurity posture. By raising awareness about these risks and implementing effective measures to mitigate them, we can reduce the devastating impact of ransomware attacks on patient care and financial stability.