Ransomware makes up over half (54%) of all cyber-threats targeting the health sector in the EU, a new report from the European Union Agency for Cybersecurity (ENISA) has found.
The EU agency’s first cyber-threat landscape for the health sector analysis revealed that patient data, such as electronic health records, were the most targeted assets (30%) by ransomware actors. Additionally, nearly half (46%) of all incidents aimed to steal or leak health organizations’ data.
Despite the prevalence of ransomware attacks targeting healthcare, the report found that just 27% of surveyed organizations have a dedicated ransomware defense program.
Ransomware attacks on hospitals have been linked to patient deaths in recent years, as well as disruption to services.
The reporting period, from January 2021 to March 2023, covered a large portion of the COVID-19 pandemic, in which the healthcare sector became a lucrative target for threat actors. On a number of occasions, patient data was leaked from government COVID-19 systems or laboratories. Insiders, both malicious and accidental, and poor security practices were identified as the primary causes of these leaks.
ENISA’s analysis found that the vast majority of attacks (83%) were financially motivated, driven by the value of patient data.
However, the authors noted that other groups, including state-sponsored actors and hacktivists were also active in this period. This led to an increase in DDoS attacks against health organizations, with a particular spike in 2023 when European hospitals and health authorities were targeted by pro-Russian groups.
Overall, 10% of attacks were driven by “ideological motivation,” according to the report.
Healthcare providers accounted for over half (53%) of the total incidents, with hospitals alone at 42%. Health authorities, bodies and agencies (14%) and the pharmaceutical industry (9%) were also major targets.
Breach or data theft was the most common impact of cyber-incidents on the healthcare sector (43%), followed by disruption of non-healthcare services (25%) and disrupted healthcare services (22%).
Commenting on the findings, Joseph Carson, Chief Security Scientist & Advisory CISO at Delinea, said that healthcare organizations must treat ransomware defense as a top priority.
“Ransomware is such a catastrophic threat that it can inadvertently increase risk to loss of life if systems are down for a long period of time, which is why ransomware gangs target time sensitive systems that need a fast response to cyber-attacks.
“Professionals must become ransomware resilient, using a strong cyber awareness strategy, a ransomware ready backup and recovery plan, strong access controls with multifactor authentication (MFA) and privileged access security.
“As with one’s health – treating the symptom can be a greater cost than preventing the illness,” Carson explained.