Third Time’s Not the Charm for Healthcare Ransomware Attacks

By David Burda, News Editor & Columnist, 4sight Health
LinkedIn: David R. Burda
LinkedIn: 4sight Health
X: @davidrburda

Once is news. Twice is a trend. The third time is old news.

That’s one approach to covering a beat if you’re a reporter.

If you’re running a healthcare business, ransomware attacks are old news. You know they’re coming, and you should be ready for them and be able to prevent them or at least react to them effectively to protect your business and your customers.

That’s what makes what happened to Change Healthcare so frustrating to watch. The ransomware attack was a matter of when, not if, yet the company wasn’t prepared for it, able to prevent it or respond to the attack effectively to protect its business and customers.

For our take on it, please listen to the March 7, 2024, episode of our 4sight Health Roundup podcast, “Lessons Learned From the Change Healthcare Ransomware Attack,” on 4sighthealth.com.

How do we know ransomware attacks on healthcare businesses are old news? Let’s look at the last three annual reports published by the FBI’s Internet Crime Complaint Center, or IC3. IC3 issued its most recent annual report earlier this month.

One of the many things IC3 does is track ransomware attacks on critical infrastructure sectors of the U.S. economy. Healthcare and public health are one of the 16 critical infrastructure sectors monitored by IC3.

  • In 2021, healthcare and public health ranked first with the most ransomware attacks with 148. A distant second was financial services with 89. The defense industrial base had one.
  • In 2022, healthcare and public health ranked first with the most ransomware attacks with 210. A distant second was critical manufacturing with 157. The defense industrial base had one.
  • In 2023, healthcare and public health ranked first with the most ransomware attacks with 249. A closer second was critical manufacturing with 218. The defense industrial base had two.

News. A trend. Old news. When IC3 releases its annual report about this same time next year, my hunch is it will be old news again with healthcare getting hit with the most ransomware attacks.

Healthcare knows it’s coming. The question is, will it be prepared next time?

Another question is, what are businesses in the defense sector of the economy doing that healthcare businesses aren’t? The answers and solutions are clearly there. It just takes the will and investment to adopt them and protect healthcare consumers.

Thanks for reading.

To learn more about this topic, please listen to the March 30, 2023, 4sight Health Roundup blog post, “Ransomware, Cybersecurity and Healthcare,” on 4sighthealth.com.

This article was originally published on 4sight Health and is republished here with permission.