More Than One in Four Ransomware Attacks on Healthcare Organizations Affect Patient Care—Here’s How To Better Protect Yourself

By: Collin Couey on May 21, 2024

According to Software Advice’s 2024 Healthcare Data Security Survey,* 87% of data held by today’s medical practices is digital. That means the vast majority of medical data is vulnerable to cyberattacks and data breaches, which can lead to privacy violations for patients and compliance violations for practices. This threat is compounded by the sheer volume and complexity of data that medical practices must organize and protect.

In fact, 50% of healthcare organizations in the U.S. have experienced a data breach, with 32% experiencing one in the last three years.

Chart: Percentage of healthcare organizations that have experienced a data breach in the last three years

To help keep data more secure, healthcare organizations need to increase their employee training, and create, maintain, and update a cybersecurity response plan.

Key findings:

  1. 42% of practices have experienced a ransomware attack, and of those, 48% say the attack impacted customer data.

  2. Only 63% of healthcare organizations have a cybersecurity response plan in place.

  3. 55% of the medical practices we surveyed allow access to more data than employees need to do their job.

42% of practices have experienced a ransomware attack

Nearly half (48%) of ransomware attacks on medical practices impact patient data—and more than one in four impact patient care (27%). This highlights the specific vulnerability that medical practices have compared to other types of businesses. 

For most businesses, downtime resulting from a cyberattack impacts production, profits, and even reputation—but when systems go down at a healthcare facility, medical records become inaccessible, devices malfunction, and critical procedures are delayed.

Not only are practices the target of ransomware attacks, but more than one in three (34%) fail to recover patient data from their attackers. This leaves important patient data in the hands of hackers and compromises a patient’s safety even if backups of the data are available.

Chart: Percentage of healthcare organizations that recovered data from attackers after a ransomware attack

That’s why having a cybersecurity response plan is critical, both to help prevent cybersecurity attacks and protect patient data from them, and to the long-term profitability and growth of your practice.

Only 63% of healthcare organizations have a cybersecurity response plan in place

A cybersecurity response plan is a documented process that details how everyone involved in handling a cybersecurity incident should respond to a security breach. Creating, maintaining, and updating your cybersecurity response plan can shorten response times to security breaches, which might give you the time to recover patient data before malicious attackers can access it.

Only 63% of surveyed healthcare organizations have a plan in place, leaving 37% without one.

A cybersecurity response plan typically includes these elements:

  • A formal definition of a cybersecurity incident, including severity ratings and prioritization protocols

  • Defined roles and responsibilities to identify who is responsible for each task

  • Documented communication protocols

  • Reporting requirements and contact forms

By making sure everyone knows their role and responsibilities ahead of an attack, there’s no ambiguity about what any one person should be doing to help stop the breach and recover patient data. Without a formalized plan in place, your IT staff might have several people focused on the same problem, potentially allowing a more important issue to persist and leading to an increase in lost time and data.

If your practice is among the 37% that don’t have a cybersecurity response plan in place, you should make it a priority. 

55% of the medical practices allow access to more data than employees need to do their job

Human error results in nearly the same number of data breaches as targeted, malicious attacks against data security.

Chart: Main causes of data breaches in healthcare organizations

In 2023, 74% of healthcare organizations spent fewer than 5 hours on IT security and data privacy training for their employees, with 35% spending 2 hours or less. 

To prevent data breaches, healthcare organizations should devote more time and energy to staff training to help them recognize potential attacks like phishing scams. To mitigate cybersecurity threats, it’s critical that employees are only provided access to the data needed for their role. 

Medical practices must focus on strategies such as restricting network privileges, strengthening access policies, and deploying network segmentation so that access to some data doesn’t mean access to all of it.
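As an added illustration of the least-privilege principle described above (this is example code, not part of the original article or of any Software Advice material), the block below models a role-based access policy in which every request is denied unless the role is explicitly granted that action on that data category. The role names, data categories, and user identifiers are hypothetical. It also contrasts the policy with an over-privileged one in which every role can read everything, and provides two checks a practice's IT staff might run: an audit that flags roles able to reach every category, and a review of denied access attempts, which is where attempts to reach data outside a job role become visible.

```python
"""Least-privilege access checks for patient data.

Illustrates the idea that access to some data should not mean access to
all of it. All roles, categories, and users below are constructed examples.
"""
from dataclasses import dataclass, field

# Constructed data categories a practice might hold (hypothetical).
DATA_CATEGORIES = {"scheduling", "billing", "clinical_notes", "lab_results", "prescriptions"}

# role -> action -> categories permitted. Anything not listed is denied.
# Hypothetical roles and permissions; a real policy is set by the practice.
LEAST_PRIVILEGE_POLICY = {
    "front_desk": {"read": {"scheduling"}, "write": {"scheduling"}},
    "billing":    {"read": {"scheduling", "billing"}, "write": {"billing"}},
    "nurse":      {"read": {"scheduling", "clinical_notes", "lab_results"},
                   "write": {"clinical_notes"}},
    "physician":  {"read": set(DATA_CATEGORIES),
                   "write": {"clinical_notes", "prescriptions"}},
}

# The over-privileged pattern the survey describes: every role reaches everything.
OVERPRIVILEGED_POLICY = {
    role: {"read": set(DATA_CATEGORIES), "write": set(DATA_CATEGORIES)}
    for role in LEAST_PRIVILEGE_POLICY
}


@dataclass
class AccessLog:
    """Append-only record of every access decision, allowed or denied."""
    entries: list = field(default_factory=list)


def is_allowed(policy: dict, role: str, action: str, category: str) -> bool:
    """Deny by default: unknown roles, actions, or categories are all refused."""
    return category in policy.get(role, {}).get(action, set())


def request_access(policy: dict, user: str, role: str, action: str,
                   category: str, log: AccessLog) -> bool:
    """Decide one request and record the decision for later review."""
    allowed = is_allowed(policy, role, action, category)
    log.entries.append({"user": user, "role": role, "action": action,
                        "category": category, "allowed": allowed})
    return allowed


def audit_policy(policy: dict) -> list:
    """Return the roles that can read every category (the 'access to all of it' case)."""
    return sorted(role for role, perms in policy.items()
                  if perms.get("read", set()) >= DATA_CATEGORIES)


def denied_attempts(log: AccessLog) -> list:
    """Denied requests are the ones worth reviewing for misuse or a mis-sized role."""
    return [e for e in log.entries if not e["allowed"]]


if __name__ == "__main__":
    log = AccessLog()
    # Constructed requests: a front-desk user stays in scope, then reaches for lab results.
    request_access(LEAST_PRIVILEGE_POLICY, "jdoe", "front_desk", "read", "scheduling", log)
    request_access(LEAST_PRIVILEGE_POLICY, "jdoe", "front_desk", "read", "lab_results", log)
    request_access(LEAST_PRIVILEGE_POLICY, "asmith", "nurse", "write", "prescriptions", log)
    print("Roles that can read everything (least privilege):", audit_policy(LEAST_PRIVILEGE_POLICY))
    print("Roles that can read everything (over-privileged):", audit_policy(OVERPRIVILEGED_POLICY))
    for entry in denied_attempts(log):
        print("DENIED:", entry)
```

Under the least-privilege policy only the physician role reaches every category, whereas the over-privileged policy reports all four roles, which is the condition the survey's 55% figure describes. The denied-attempt review is the defender's side of the same control: a front-desk account repeatedly asking for lab results is something the IT staff would want to see.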

What does this mean for doctors?

Let’s recap the highlights:

  • Cybersecurity attacks have been on the rise in recent years, and nearly half of all healthcare organizations have experienced a ransomware attack.

  • 37% of healthcare organizations don’t have a cybersecurity response plan in place.

  • Medical practices often allow access to more data than employees need to do their job, which makes them more vulnerable to attacks.

To help mitigate cybersecurity threats, healthcare organizations must create, maintain, and update a cybersecurity response plan that includes defined roles and responsibilities, communication protocols, and a prioritization list. 

Additionally, practices should implement user-based controls that limit who can access which data, while also implementing stricter password protocols to hold users accountable.

Finally, healthcare organizations need to increase the amount of employee training required to help staff recognize malicious attacks such as phishing so that they are better able to help stop data breaches and report suspicious activity.

If you’re interested in reevaluating your cybersecurity software or medical software stack, reach out to a software advisor by scheduling a call or chatting for a free software consultation.


Survey methodology

*Software Advice’s 2024 Medical Cybersecurity Survey was conducted online in March among 296 respondents working at healthcare organizations in the U.S. to learn how medical practices are fighting back against cyber threats. Respondents were screened to have IT management, data security, data management, or security training or audit responsibilities. Organizations that outsource 100% of their IT management or cybersecurity needs were excluded from participating.