The Growing Threat of Ransomware-as-a-Service (RaaS) on Healthcare Infrastructure


According to the 2024 State of Ransomware report by Sophos, there was a 500% increase in ransom bills in the last 12 months. Moreover, an analysis by Comparitech revealed 181 confirmed ransomware incidents targeting healthcare providers in 2024, with 25.6 million records compromised.  

Meanwhile, there were 42 more confirmed attacks on healthcare organizations not involved in direct care provision. These additional attacks amounted to over 115 million compromised records.  

Now more than ever, Ransomware-as-a-Service (RaaS) platforms are being used to target hospitals, medical devices, and emergency response systems. In this RaaS model, skilled developers create and maintain ransomware tools, which they lease to affiliates.  

These affiliates then execute attacks, sharing a portion of the illicit proceeds with the developers. This division of labor allows developers to focus on refining their malicious software while affiliates handle the operational aspects of the attacks. 

In this article, we’ll explore how these attacks work and the factors that exacerbate them, as well as 2025 trends in combating ransomware attacks launched on healthcare infrastructure.  

Healthcare Ransomware Attacks and Ripple Effects 

When thinking about the risks of cyberattacks on healthcare organizations, there is a tendency to focus on compromised patient data and privacy and on the immediate disruption to healthcare delivery. However, the risks extend beyond these, which is why such attacks are particularly damaging: they cause significant ripple effects, even beyond the affected target.

For instance, as a study by the University of California San Diego shows, an attack on a healthcare organization caused spillover effects to two untargeted hospitals, leading to an 81% increase in cardiac arrest cases. This is the story of many ransomware attacks targeting health delivery organizations. It also illustrates why securing healthcare infrastructure against ransomware and other cyber risks is the responsibility of all, not just individual organizations. 

Worse, ransomware attacks have evolved in recent years and are no longer merely about encrypting data for ransom. Cybercriminals also exfiltrate sensitive data, which amplifies the pressure on organizations to comply with ransom demands, since victims now have to worry about both data loss and the public exposure of confidential information.

In addition, the RaaS model has changed the game by enabling individuals with limited technical expertise to launch highly sophisticated ransomware attacks. This democratization of cybercrime has allowed ransomware attacks to scale even further. Against this backdrop, health delivery organizations and other stakeholders must arm themselves with robust cybersecurity measures. 

Healthcare Infrastructure Ransomware Vulnerability

Before going over the solutions proposed, let’s look at some factors that heighten the risks of healthcare infrastructure vulnerability to ransomware: 

  1. Interconnectivity and Digitization: Paper records are unsustainable, but digitized records are not risk-free either. Advances in digitization mean that the records of hundreds of millions of people can be compromised in a single attack, as seen during the Change Healthcare ransomware attack in February 2024.

  2. Legacy Systems: Synnovis, a key pathology services provider for multiple NHS hospitals in London, suffered a ransomware attack that caused a substantial financial impact. Losses were estimated at £32.7 million, far exceeding the company’s 2023 profits of £4.3 million. This attack, which, per reports, could have been prevented with two-factor authentication, underscores the risks associated with outdated systems.

  3. Low Tolerance of Downtime: The inevitably time-sensitive nature of healthcare delivery also makes this industry more susceptible to cyber-attacks. Due to how critical healthcare services are, the urgency to restore operations often pressures providers into paying ransoms, which fuels the ransomware economy further. 

  4. Disruptive Objectives: Many ransomware attacks are not even primarily money-driven. Instead, the aim is to create chaos through public panic. According to a global survey, even when victims comply with ransom demands, data recovery is not guaranteed in 31% of cases. Ransomware attacks for the purpose of cyberwarfare fall in this category of attacks carried out purely or primarily for disruptive purposes. 

Defending Against AI-powered Ransomware

Combating AI-powered Ransomware-as-a-Service in the healthcare industry requires a multi-pronged approach supported by decisive action. These are the latest trends in defending against these attacks in 2025. 

Stricter Regulations and Compliance 

As the Biden administration drew to a close in December last year, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) proposed new regulations mandating that healthcare organizations implement advanced security measures.

These include mandatory multifactor authentication, network segmentation to limit the spread of intrusions, encryption of patient data to prevent unauthorized access, and more. The proposed rulemaking, which will modify the Health Insurance Portability and Accountability Act of 1996, aims to ensure greater cybersecurity enforcement and accountability.

Support for Healthcare Organizations 

Following the previous point, drawing up stricter regulations makes it easier to defend against advanced ransomware; the hard part is in enforcement. This is an area where healthcare providers, particularly smaller entities, could use some help.  

Thankfully, a bipartisan bill proposed in the Senate last November includes provisions for grants and assistance to help organizations comply with the new cybersecurity standards without compromising their financial stability. 

AI-based Threat Intelligence 

When it comes to AI, both the positive and negative possibilities are endless. In defending against advanced ransomware, AI-based threat intelligence solutions are essential to enhance detection and facilitate real-time response and mitigation, especially in the healthcare industry, which has a low tolerance for downtime, as discussed.

A promising study published in December 2024 introduced an AI-based solution that achieved a detection accuracy of 96.858% in real-time ransomware identification. This system employs complex algorithms to scrutinize network behaviors, swiftly pinpointing and mitigating ransomware threats before they can inflict significant damage. Similar innovations are required across healthcare infrastructure to defend against severe attacks. 

Improved Cyber Insurance 

Considering the spate of ransomware attacks, healthcare insurers increasingly require healthcare entities to implement stringent cybersecurity measures as a prerequisite for coverage. This includes deploying advanced threat detection systems, conducting regular security audits, and providing comprehensive staff training.  

Such requirements reduce the risk of successful attacks and position organizations more favorably in terms of policy premiums and coverage terms. In addition, insurers can also be key to motivating health delivery organizations to shun practices that may inadvertently or otherwise encourage ransom payments. 

Conclusion 

The healthcare sector must move beyond reactive measures and embrace a culture of cybersecurity resilience. However, ultimately, healthcare infrastructure security is not just a technological issue but a societal one that requires collective responsibility and a commitment to safeguarding patient care and data in this increasingly digital world. 


About the Author:

Michael Usiagwu is an Entrepreneur, Tech PR Expert and CEO of Visible Links Pro. He assists various organizations in staying abreast of the latest technology. Some of his insightful content can be seen in Readwrite, InfoSecurity Magazine, Hackernoon, and lots more. He’s very much open to assisting organizations in advancing their latest technology development.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Fortra.


