Surge in Ransomware-as-a-Service attacks in healthcare sector partly byproduct of choices made in C-suite


A recent study claims that ransomware attacks have increased 350 percent in the past year. This mirrors other reports, including one by BlackBerry Cylance, outlining a similar upsurge in such attacks against the healthcare sector across the U.S. and Europe. In December 2019, Cylance disclosed findings related to Zeppelin Ransomware-as-a-Service (RaaS), which targeted IT vendors and healthcare providers.



Healthcare providers are often low-hanging fruit for hackers, as the healthcare sector ranked eighth out of 10 sectors (1=best, 10=worst) in Cyberhedge’s cyber governance rankings by sector.

Unlike most other sectors, the healthcare industry’s use and protection of data have been regulated through HIPAA for years. However, the sector continues to be a significant laggard in protecting data and systems from attack. And, although breaches of medical records dominate news headlines, ransomware attacks are actually the most disruptive and financially costly attacks deployed against the sector, and they are what healthcare companies should be most concerned about.

Words used to describe technology in healthcare today often include “revolutionary,” “growth driver,” and “unparalleled operational efficiencies.” But prioritization of growth and cost-efficiencies over security has led to healthcare companies’ cyber governance underperformance for some of the following reasons:

  • Growth through acquisition. Policy trends have accelerated growth via M&A, leading to increasingly complex and more difficult-to-manage networks that exponentially increase the number of vulnerabilities. This has long been healthcare’s chosen strategic growth path.
  • Accelerated third-party outsourcing. The corporate drive for greater efficiency and cost savings has created additional supply chain vulnerabilities most companies haven’t considered when making strategy decisions about outsourcing. Few industries can rival the complexity of a healthcare company’s supply chain.
  • Increased reliance on IoT. Operational processes often combined with sensors and data transmission execute critical functions that were previously entirely analog-driven. This has significantly increased not only cost-efficiency and productivity, but also vulnerability. Healthcare’s full embrace of technology is well-documented, and now the sector is forced to more urgently reckon with the security consequences of this adoption.

This should be a concern not just for healthcare executives but also for investors and regulators. There are examples of healthcare companies striking the right balance between growth, cost, and security (i.e., Gilead Sciences, Inc., a Cyberhedge 5-star company for cyber governance). But, at a sector level, the underperformance in cyber governance paired with increasing business disruption attacks means that breaches and losses will continue to accelerate.


What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.
