Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and the top target for cybercriminals, healthcare is increasingly exposed to waves of cyberattacks. When hospital systems are held hostage by ransomware, it’s not just data that’s at risk; it’s the care of patients who rely on life-saving treatments. Imagine an attack disrupting emergency care, postponing surgeries, and using the personal medical information of cancer patients for blackmail. This is the reality facing healthcare as cybercriminals exploit those who need care. Since 2012, healthcare has accounted for 17.8% of all breach events and 18.2% of destructive ransomware events,[1] a larger share than other sectors such as finance, government and education.
This alarming increase in attacks demonstrates one thing clearly: poor cybersecurity hygiene is the root cause, and the consequences of not addressing these vulnerabilities are devastating. Organizations that neglect basic cybersecurity practices, like patching software and securing their networks, leave their systems exposed to malicious attackers. More importantly, the risk is not merely theoretical, but manifests as frequent breaches that result in real-world damage.
Healthcare Vulnerabilities
While many industries have suffered financial and reputational damage from cyberattacks, the healthcare industry faces a much more serious risk. Attackers know that what is at stake is not just data and systems but something far more valuable: life itself. The healthcare industry is a particularly vulnerable target for cybercriminals for several reasons. First, its reliance on interconnected systems that support everything from patient records to life-saving equipment creates a wide attack surface. Additionally, healthcare systems often hold sensitive personal information, making them an attractive target for extortion and data theft.
One example is the CommonSpirit Health ransomware attack in October 2024.[1] As a result, hospitals had to delay medical procedures and redirect emergency care, with significant implications for patient safety. Another concerning incident was the breach at Fred Hutchinson Cancer Center in November 2024, where criminals extorted money from patients by threatening to leak their personal health information.
The vulnerability of our health systems is exacerbated by poor cybersecurity hygiene.
Understanding the correlation between hygiene and destructive ransomware events
An in-depth analysis of 1,454 destructive ransomware incidents from 2016 to 2023[2] provides important insight into the correlation between poor cybersecurity hygiene and the frequency of attacks. The results show that organizations rated D or F experience destructive ransomware events 35 times more frequently than organizations rated A. This stark contrast highlights the importance of maintaining a strong cybersecurity posture.
Criminals target systems that have vulnerabilities in fundamental areas such as unpatched software, insecure network services, and unencrypted web communications. These weaknesses provide attackers with easy entry points to compromise critical systems and ultimately hold organizations hostage with ransomware.
Organizations with good cybersecurity hygiene — those that regularly patch vulnerabilities, secure their networks, and encrypt sensitive communications — are much less likely to experience a breach, but many healthcare organizations don’t adhere to these standards, making them ideal targets for attackers.
The Consequences of Poor Cybersecurity Hygiene
In an environment where patient safety depends on the availability of healthcare systems, poor cybersecurity can have life-threatening consequences. A devastating ransomware event that encrypts systems and disables their operation poses a significant risk. For hospitals, downtime can mean the difference between life and death for patients who rely on their life-saving medical services.
The data shows the consequences of neglecting basic cybersecurity measures: according to Mastercard, healthcare organizations with a D or F rating experience 16.6 times more breach events than organizations with an A rating.[1] Not only are these organizations subject to more frequent attacks, but they also face more severe consequences, including the inability to provide care at critical times.
How the healthcare industry can improve its cybersecurity hygiene
Improving cybersecurity hygiene in healthcare is not just about reacting to attacks. It’s also important to be proactive and address vulnerabilities before they are exploited. Here are some key strategies healthcare organizations can adopt:
1. Continuous monitoring
Cybersecurity hygiene must be monitored continuously. Organizations must regularly conduct audits of their systems to identify vulnerabilities and implement remediation promptly. This also includes monitoring for third-party risks, as health systems often integrate with external vendors whose security hygiene may not meet the required standards. Any third-party vendors connected to the health system through digital/internet connections pose risks and must be evaluated.
2. 24/7 security operations
Ransomware can strike at any time, including weekends and holidays, so it is important for healthcare organizations to maintain 24/7 security operations.[2] In fact, 46% of ransomware attacks occur between Friday and Sunday,[2] exactly when many organizations reduce their cybersecurity staffing. National holidays are also attackers’ favorite times of the year, so it is better to build more staffing than less.
3. Third-Party Risk Management
Due to the interconnected nature of healthcare, third-party vendors are often points of vulnerability. Cybercriminals target suppliers, partners, and other third-party entities that may have weaker cybersecurity defenses. Healthcare organizations must scrutinize the cybersecurity hygiene of their suppliers to ensure they meet high standards of protection and continually monitor for potential vulnerabilities.
You should also assess vendors that connect with third-party providers. This may seem like a daunting task, but with the right solution, you can identify key issues and prioritize risks instead of lumping all threats together. Accuracy in reporting is key, and being able to easily share risk assessments and action plans with vendors is essential to address risks efficiently.
4. Regularly patch and encrypt
Keeping software up to date is a basic but critical part of cybersecurity. Healthcare organizations must prioritize patching software vulnerabilities and securing network services such as Remote Desktop Protocol (RDP), which are frequently exploited by attackers. Additionally, ensuring that sensitive data is transmitted only over encrypted channels is essential to prevent unauthorized access.
5. Incident response and recovery planning
Preparation is key. Healthcare organizations must have a well-developed incident response plan that is regularly practiced and updated. This includes a backup strategy to ensure critical data and systems can be quickly restored in the event of a ransomware attack. Having these systems in place can help minimize operational downtime and mitigate the potential impact of a cyberattack.
Case Study: How Mastercard Cybersecurity’s RiskRecon TPRM Solution is Making a Difference
Mastercard’s RiskRecon TPRM solution plays a critical role in improving cybersecurity hygiene across industries, including healthcare. Through continuous monitoring and detailed assessment of third-party risks, RiskRecon provides healthcare organizations with the insights they need to improve their security posture and mitigate risk.
RiskRecon helps organizations identify vulnerabilities and prioritize areas for improvement by assigning a cybersecurity hygiene rating from A to F across multiple domains, including software patching, network filtering, web encryption, etc. This proactive approach significantly reduces the likelihood of a breach or devastating ransomware event occurring.
Additionally, the RiskRecon platform enables healthcare organizations to compare their security performance against industry peers, driving continuous improvement and accountability.
Mastercard leverages its unique insight into the digital ecosystem that processes 143 billion transactions each year to deliver unmatched precision in assessing and securing the digital environment.
Looking ahead: Strengthening cybersecurity in healthcare
The growing threat of cyber attacks on the healthcare sector requires an urgent and coordinated response. Organizations cannot afford to wait until an attack occurs before taking action; they must take a proactive stance on cybersecurity hygiene.
While this task may seem daunting, Mastercard research data shows that strong cybersecurity practices significantly reduce the likelihood of a successful attack. Healthcare organizations must invest in the right tools, practices and partnerships to protect their systems and ensure critical care can continue without interruption.
Mastercard’s RiskRecon provides the solutions healthcare organizations need to improve their cybersecurity posture and protect their patients. By leveraging real-time assessments and detailed cybersecurity hygiene evaluations, RiskRecon helps healthcare organizations and their suppliers reduce risk and prevent ransomware attacks.
To learn more about how your organization can protect itself against ransomware, download our full ransomware report or request a demo to learn more about Mastercard’s cybersecurity services.
[1] “Cybersecurity Hygiene in the Healthcare Sector – A Case for Essential Benchmarking to Improve Performance”, January 16, 2024
[2] “The State of Ransomware in 2024”, April 2024