A minimum of 14 million of patients in the U.S. have fallen victim to malware breaches, underscoring that healthcare organizations remain prime targets for cyberattacks, according to new research findings from SonicWall.
The cybersecurity provider asserts in its 2024 SonicWall Threat Brief — focused exclusively on the healthcare industry — that the increasing digitalization of health records and telehealth services significantly expands the attack surface. Healthcare organizations are an important vertical market for MSPs and MSSPs.
"To defend against cyber threats, healthcare organizations must implement a multi-layered cybersecurity strategy, focusing on regular updates, strong access controls, and 24x7x365 monitoring," SonicWall writes in its report.
SonicWall urges MSSPs and MSPs to implement robust security measures, monitor systems in real-time and ensure compliance with regulatory standards. Such a proactive approach to security helps healthcare providers defend sensitive patient data, minimize downtime and focus on delivering quality care.
SonicWall notes that many healthcare organizations operate with limited cybersecurity resources and often rely on outdated technology. This makes them even more susceptible to ransomware attacks, especially as the attacks grow in sophistication. In fact, SonicWall Capture Labs uncovered that 60% of vulnerabilities were used against Microsoft Exchange.
Lives on the Line
SonicWall cautions that disrupting access to patient data or medical systems can have life-threatening consequences. So, healthcare organizations are more likely to pay ransoms to restore operations quickly.
In 2024, 91% of malware-related data breaches in the healthcare sector involved ransomware. Lockbit emerged as one of the most notorious ransomware groups targeting healthcare, SonicWall reports.
For instance, Lockbit claimed responsibility for the breach of LivaNova and Panorama Eyecare, a medical device manufacturer, affecting over 180,000 U.S. patients, and an eyecare company affecting close to 400,000 individuals, according to SonicWall. Additionally, BlackCat (ALPHV) was implicated in the Change Healthcare data breach where a $22 million ransom was paid under false pretenses. That incident led to a subsequent ransom demand by another group, RansomHub.
Explaining the imperative behind SonicWall’s report, Hasib Vhora, senior threat researcher, sees ransomware attacks on the healthcare sector as a growing threat. Threat actor tactics involving crypto mining, data exfiltration and backdoor installation are also worrisome. Notably, 91% of breaches in healthcare involved ransomware, SonicWall reports.
“We have dissected an instance we encountered and felt it important to share to help bring awareness to this problem,” Vhora said in a press statement. “While security researchers are often very well equipped to handle and detect this situation, it is easy to become overconfident, leading to compromise.”
SonicWall notes that it has prevented 26,000 attacks on healthcare during 2024.