Why are healthcare organizations so prone to ransomware and other various cyber attacks? There are a few reasons why they’re so susceptible including historically weaker infrastructure and a willingness to pay out a higher ransom.

Weaker Infrastructure makes them more vulnerable

Healthcare was one of the last industries to convert to electronic records, and when they did convert, it was quick. According to a government study, in 2008, only 9% of hospitals used electronic records, then in 2014, 97% used electronic records. With so many organizations converting over to electronic records, there were numerous with vulnerable security infrastructure.

They are more likely to pay a higher ransom

Healthcare organizations have far more to risk. On the dark web, an individual healthcare record goes for close to $400, which is 2.5 times the average over all industries, according to the Ponemon Institute. Criminals receive more than just ransom money. This is because criminals receive patient’s most personal information including social security number, credit card data, medical history, employment information, address, and email address. This data can be used for more than just fraud, identity theft, and phishing attacks. It can be used to steal research and development, manipulate stocks, and much more. Not to mention the fact that hospitals and other healthcare organizations need to have this data available to them in order to keep some patients alive.

Here are the 10 most sickening healthcare ransomware statistics:

10 Sickening Ransomware Statistics:
1. Healthcare is the #1 cyber attacked industry.
2. 45% of all ransomware attacks in 2017 involved healthcare organizations.
3. Costs from ransomware damage are expected to rise to $11.5 billion in 2019.
4. By 2019, healthcare organizations are expected to fall victim to a ransomware attack every 14 seconds. 
5. In 2017, it took an average of 308 days for a healthcare organization to discover it had suffered a breach. 
6. Attacks making it past existing security can cost victim organizations over $5 million primarily from a loss in employee productivity, information theft, and downtime. 
7. 77% of successful attacks in 2017 were from fileless techniques that completely bypassed the victim company's antivirus protection. 
8. Nearly 1 in 5 healthcare domain emails were fraudulent in 2017. 
9. Over 50% of IT professionals believe their industry isn't ready to handle a ransomware or other cyber security threats. 
10. 40 million ransomware attacks were detected using malicious URLs or attachments against healthcare providers in Q3 2017.


Ponemon Institute – 2018 Cost of a Data Breach Study by Ponemon
The Office of the National Coordinator for Health Information Technology – Adoption of Electronic Health Record Systems among U.S. NonFederal Acute Care Hospitals: 2008-2014
Cybersecurity Ventures – Ransomware Damage Report 2017

Do you know what your risk of being attacked with ransomware, malware, or spyware is?

Kraft can help you determine it. In fact, we’re doing it for FREE right now.

Get a FREE Ransomware Vulnerability Score