In recent cybersecurity incidents, two healthcare organizations, Frederick Health and New York Blood Center Enterprises (NYBCe), are dealing with substantial disruptions due to ransomware attacks that occurred within the past week.
Frederick Health issued a statement on January 27, revealing that it had “recently identified a ransomware event.” The organization is currently collaborating with third-party cybersecurity experts to mitigate the incident and restore its systems.
Despite most facilities continuing to operate and provide patient care, Frederick Health has confirmed the closure of its Village Laboratory and warned that patients might face delays in services.
Meanwhile, NYBCe, a nonprofit made up of multiple independent blood centers, detected anomalous activity in its IT systems on January 26. By January 29, the organization informed the public that it had taken its systems offline to address the ransomware threat. Efforts are being made to restore functionality, but the timeline for full operational recovery is uncertain, with anticipated delays in processing blood donations at its centers and during external blood drives.
Neither organization has disclosed details regarding the identity of the attackers or whether any sensitive data was compromised. At this time, no ransomware groups have claimed responsibility for the assaults.
A Never-Ending List
Ransomware attacks are increasingly prevalent within the healthcare sector, where the repercussions extend beyond financial concerns to potentially jeopardizing patient safety.
As reported in a 2024 Microsoft study, nearly 400 healthcare organizations in the United States fell victim to ransomware attacks, with average ransom payments escalating to $4.4 million. The downtime associated with recovery efforts has been estimated to cost these organizations upwards of $900,000.
Healthcare providers manage extensive records, including patient health information and financial documentation, which are all vulnerable during such breaches.
Heath Renfrow, co-founder of Fenix24, notes that “Many healthcare organizations operate with limited cybersecurity budgets and staff, often placing direct patient care ahead of IT security investment.” The multitude of endpoints, third-party vendors, and interconnected systems creates a considerable attack surface, compounded by the difficulty in taking systems offline for essential maintenance.
When adversaries successfully infiltrate these organizations’ networks, they typically aim to extract sensitive data to extort the institutions, fully aware that healthcare providers are under pressure to secure patient safety and continuity of care. Such attacks heighten the stakes, as healthcare organizations are often prime targets because of the critical nature of the services they deliver.
The high ransom payments are indicative of the dire situation faced by healthcare providers, who often prioritize securing access to their data over the cost of paying off criminals.
Strategizing Against Wayward Morals
The fight against ransomware is challenging for many organizations. Ransomware groups have demonstrated their capacity to adapt quickly, employing evolving tactics and technologies to bypass newly developed defenses.
Renfrow points out that while some ransomware groups claim to avoid targeting hospitals due to ethical considerations, evidence suggests that such promises are often not upheld, with critical care facilities still falling prey. Healthcare organizations have an ethical obligation to protect patient information while ensuring operational resilience; however, balancing cybersecurity investments against the imperative to deliver patient care is a continuous struggle.
Improvements in cybersecurity protocols across the healthcare sector are essential to protect patient welfare and institutional integrity over time.
Recently, the Advanced Research Projects Agency for Health (ARPA-H) announced a commitment of $50 million to enhance cybersecurity resilience within healthcare, focusing on software development to address vulnerabilities.
The initiative, titled Universal Patching and Remediation for Autonomous Defense (UPGRADE), emphasizes collaboration among hospital IT personnel, equipment managers, and cybersecurity experts to identify and mitigate vulnerabilities effectively.
Moreover, the Department of Health and Human Services (HHS) recognizes the importance of enhancing healthcare cybersecurity programs, particularly after a significant breach involving a subsidiary of United Healthcare, targeted by the BlackCat ransomware group.
To strengthen their defenses, Renfrow suggests that healthcare institutions prioritize implementing immutable backups with guaranteed return-to-operations (RTO) to ensure immediate restoration of services following an attack—effectively minimizing operational disruption and the likelihood of ransom payments.
In the current landscape, he emphasizes that “true resilience is the ultimate security guarantee.”