Healthcare cybersecurity has never been more important. As the most vulnerable industry and the biggest target for cybercriminals, healthcare is facing a growing wave of cyberattacks. When a hospital’s systems are held hostage by ransomware, not only data is at risk but also the care of patients who depend on life-saving treatment. Imagine an attack that causes emergency care to be halted, surgeries to be delayed, or a cancer patient’s private health information to be used for extortion. That’s the reality healthcare faces when cybercriminals exploit people in need. Since 2012, healthcare has accounted for 17.8% of all breaches and 18.2% of destructive ransomware events [1], outperforming other sectors such as finance, government and education.
This alarming rise in attacks shows one thing: poor cybersecurity hygiene is the root cause, and the consequences of failing to address these vulnerabilities are devastating. Organizations that neglect basic cybersecurity practices, such as software patching and network security, leave their systems open to attackers. More importantly, the risks are not just theoretical; they manifest themselves in frequent violations that cause real harm.
Healthcare vulnerabilities
While many industries suffer financial and reputational damage from cyberattacks, healthcare faces a much greater risk. Hackers know they’re not just targeting data or systems—they’re holding something far more valuable in their hands: life itself. The healthcare sector is a particularly vulnerable target for cybercriminals for several reasons. First, the industry’s reliance on interconnected systems that support everything from patient records to life-saving devices creates a broad surface for attacks. In addition, healthcare systems often contain sensitive personal information, making them attractive targets for extortion and data theft.
In one example, the October 2024 CommonSpirit Health ransomware attack [1] resulted in hospitals being forced to postpone medical procedures and divert emergency care, significantly impacting patient safety. Another troubling case was the November 2024 breach at the Fred Hutchinson Cancer Center, where criminals extorted patients by threatening to reveal their private health information.
The vulnerability of healthcare systems is exacerbated by poor cybersecurity hygiene.
Understanding the correlation between cybersecurity hygiene and ransomware events
A thorough analysis of 1,454 destructive ransomware events between 2016 and 2023 [2] provides important insight into the link between poor cybersecurity hygiene and attack frequency. The findings show that organizations rated D or F have 35 times the incidence of destructive ransomware compared to organizations rated A. This stark contrast underscores the importance of maintaining strong cybersecurity practices.
Criminals target systems with vulnerabilities in key areas such as unpatched software, unsafe network services, and unencrypted web communications. These flaws provide easy entry points for attackers, allowing them to compromise critical systems and ultimately hold organizations hostage with ransomware.
Organizations with good cybersecurity hygiene—those that regularly patch vulnerabilities, secure their networks, and encrypt sensitive messages—are far less likely to experience breaches. However, many healthcare facilities do not adhere to these standards, making them prime targets for attackers.
Consequences of poor cybersecurity hygiene
In an environment where patient safety depends on the availability of healthcare systems, the consequences of poor cybersecurity can be life-threatening. Destructive ransomware that encrypts systems and disables operations poses a significant risk. For hospitals, downtime can mean the difference between life and death for patients who rely on critical care services.
The data underscores the consequences of ignoring basic cybersecurity practices. According to Mastercard, healthcare organizations with D or F ratings have 16.6 times more breaches than A-rated organizations [1]. These organizations not only expose themselves to more frequent attacks, but also face more serious consequences, such as the inability to provide care at critical moments.
How healthcare can improve its cybersecurity hygiene
Improving cybersecurity hygiene in healthcare is not just about responding to attacks; it’s about proactively eliminating vulnerabilities before they can be exploited. Here are the main strategies that healthcare organizations can adopt:
1. Constant monitoring
Cybersecurity hygiene needs to be constantly monitored. Organizations should conduct regular audits of their systems to identify vulnerabilities and promptly implement fixes. This includes third-party risk monitoring, as healthcare systems often integrate with external providers whose security hygiene may not meet the required standards. Any third-party provider that is connected to the healthcare system via a digital/internet connection presents a risk and must be evaluated.
2. 24×7 security operations
With ransomware detonating at all hours, including weekends and holidays, it is critical for healthcare organizations to maintain 24×7 security operations [2]. In fact, 46% of ransomware attacks take place from Friday to Sunday [2], a period in which many organizations have cut their cybersecurity staffing. National holidays are another favorite of attackers; rather than reducing staff at these times, it makes more sense to increase it.
3. Third Party Risk Management
Given the interconnected nature of healthcare, third-party suppliers are often a point of vulnerability. Cybercriminals target suppliers, partners, and other third-party organizations that may have weaker cybersecurity defenses. Healthcare organizations must closely and continuously monitor the cybersecurity hygiene of their vendors, ensuring they meet high standards of protection and watching for newly emerging vulnerabilities.
The suppliers of those vendors must also be evaluated. While this sounds like a lot of work, the right solution can prioritize risks by identifying critical issues rather than lumping all threats together. Accurate reporting is key, and effective risk management depends on being able to easily share risk assessments and action plans with suppliers.
4. Regular patching and encryption
Keeping software up to date is a basic but important cybersecurity practice. Healthcare organizations should prioritize patching software vulnerabilities and protecting network services, such as Remote Desktop Protocol (RDP), which are frequently targeted by attackers. Moreover, ensuring the transmission of sensitive data over secure encrypted channels is vital to prevent unauthorized access.
5. Incident Response and Recovery Planning
Preparation is key. Healthcare organizations should have well-developed incident response plans that are regularly reviewed and updated. This includes backup strategies to ensure rapid recovery of critical data and systems in the event of a ransomware attack. Having these systems in place minimizes operational downtime and mitigates the potential impact of a cyber attack.
Case Study: How Mastercard Cybersecurity’s RiskRecon TPRM Solution Makes a Difference
Mastercard’s RiskRecon TPRM (third-party risk management) solution plays a key role in improving cybersecurity hygiene in a variety of industries, including healthcare. Through continuous monitoring and detailed third-party risk assessment, RiskRecon provides healthcare organizations with the information they need to improve security and reduce risk.
By assigning A to F cybersecurity hygiene ratings for multiple domains, including software patching, network filtering, and web encryption, RiskRecon helps organizations identify their weaknesses and prioritize improvements. This proactive approach greatly reduces the likelihood of a ransomware breach or disruptive event.
What’s more, RiskRecon’s platform allows healthcare organizations to benchmark their security against industry peers, ensuring continuous improvement and accountability.
With Mastercard’s unique understanding of the digital ecosystem, processing 143 billion transactions annually, the company offers exceptional accuracy in assessing and protecting the digital environment.
The Road Ahead: Strengthening Cybersecurity in Healthcare
The growing threat of cyberattacks on the healthcare sector requires an urgent, coordinated response. Organizations cannot afford to wait for an attack before taking action; they must take a proactive stance in cybersecurity hygiene.
While the task may seem daunting, data from Mastercard’s research clearly shows that good cybersecurity hygiene dramatically reduces the likelihood of a successful attack. Healthcare organizations must invest in the right tools, practices and partnerships to protect their systems and ensure they can continue to deliver the services their patients need without disruption.
RiskRecon from Mastercard offers the solutions healthcare organizations need to improve cybersecurity and protect their patients. Using real-time assessments and detailed cybersecurity hygiene ratings, RiskRecon helps healthcare organizations and their suppliers reduce risk and prevent ransomware attacks.
Download the full ransomware report to learn more about how your organization can protect itself from ransomware, or request a demo to learn more about Mastercard Cybersecurity services.
[1] “Cybersecurity Hygiene in the Healthcare Sector – Why Benchmarking is Required to Improve Performance,” 16 January 2024.
[2] “The State of Ransomware in 2024,” April 2024.