
What is cyber extortion in healthcare?


In cyber extortion, attackers hold sensitive data hostage until a ransom is paid, jeopardizing healthcare. Cybersecurity measures, effective incident response, and collaboration can protect patient information and mitigate the impact.


Understanding cyber extortion

Cyber extortion refers to using technology and intimidation to coerce individuals or organizations into paying a ransom or facing the consequences of data exposure or system disruption. It may target hospitals, clinics, or other healthcare providers to gain access to sensitive patient data, including personal information, medical records, and financial details.


Methods and techniques

Cybercriminals employ various methods and techniques to carry out cyber extortion attacks. Some common approaches include:


Ransomware attacks

Ransomware is malicious software that encrypts files on a victim's computer system, rendering them inaccessible until a ransom is paid. Cybercriminals often use phishing emails or exploit vulnerabilities in software to deliver ransomware to healthcare organizations.


Distributed denial of service (DDoS) attacks

DDoS attacks involve overwhelming a target's network or website with an influx of traffic, causing it to become inaccessible to users. Cybercriminals may threaten to launch a DDoS attack unless a ransom is paid.


Data breaches 

Cybercriminals may gain unauthorized access to sensitive data, such as patient records or intellectual property, and threaten to expose or sell it unless a ransom is paid.


Impact on healthcare

The impact of cyber extortion in the healthcare industry can be devastating. Here are some of the consequences that healthcare organizations may face:


Financial losses

Ransom payments can cause financial loss for healthcare organizations. The cost of recovering from an attack, together with legal liabilities, can strain their resources.


Compromised patient data

The exposure of patient data can lead to identity theft, fraud, and other malicious activities. It not only puts patients at risk but also damages the healthcare provider's reputation and the trust placed in it.


Disruption of services

Cyber extortion attacks can paralyze a healthcare organization's systems, disrupting patient care and critical operations. This can have life-threatening implications in emergency situations.


Preventing cyber extortion in healthcare

Implementing cybersecurity measures is necessary to prevent cyber extortion attacks. Healthcare organizations should:

Update software and systems

Keeping software and systems up to date helps protect against known vulnerabilities that cybercriminals may exploit.


Implement strong access controls

Properly managing user access rights and implementing multi-factor authentication can help prevent unauthorized access to sensitive data.


Train employees

Education and training programs that raise awareness about cybersecurity best practices, such as identifying phishing emails and maintaining strong passwords, can prevent successful attacks.


Incident response and business continuity planning

Developing an incident response plan and business continuity strategy can minimize the impact of cyber extortion attacks. Healthcare organizations should:


Incident response team 

Establish a dedicated team responsible for handling cyber incidents to ensure a swift and coordinated response.


Response plans

Regular drills and simulations help organizations identify vulnerabilities and improve their ability to respond to cyber threats.


Back-up data

Regularly backing up critical data and storing it securely off-site can help restore operations during an attack without paying a ransom.


The role of cybersecurity in safeguarding patient information



Sharing intelligence, best practices, and lessons learned among healthcare, government, and cybersecurity professionals is crucial in combating cyber extortion.


Cybersecurity training

Promoting cybersecurity training and certification programs improves the skills and knowledge of professionals protecting patient information. 

Read also: HIPAA Compliant Email: The Definitive Guide 

In the news

Over the last few months, Paubox has covered a series of ransom attacks impacting hospitals, with a focus on the rising trend of double extortion tactics. Of particular note is the recent and most significant attack on Change Healthcare, where the RansomHub group claimed possession of 4TB of stolen data, employing a double extortion strategy by threatening to make the data public unless a ransom was paid. This incident has shown the escalating threat posed by cybercriminals using multifaceted extortion tactics to exploit vulnerabilities within healthcare organizations and extract substantial ransom payments.

The attack on Change Healthcare has prompted heightened concern within healthcare cybersecurity, with experts expressing the need for stringent regulations around third-party access and security programs to counter such threats. The potential exposure of a massive trove of protected health data has reverberated across the entire healthcare ecosystem, necessitating an approach to breach liability reduction and cybersecurity measures. The changing nature of ransomware attacks, particularly the emergence of double and triple extortion tactics, has further emphasized the need for organizations to fortify their security controls and response plans to combat these complex and multifaceted threats effectively.

Read more: Nationwide pharmacy delays following Change Healthcare hack 



How do cyber extortionists typically gain initial access to healthcare systems?

Cyber extortionists often gain initial access to healthcare networks by exploiting vulnerabilities in outdated software, sending phishing emails that target employees, or abusing weakly secured remote access points.


What are some indicators that a healthcare organization may be targeted for cyber extortion?

Signs include unusual network activity, unexpected system slowdowns, ransomware warning messages, or demands for payment to prevent data leaks or restore access to important systems.


What role does employee training play in mitigating the risk of cyber extortion?

Regular cybersecurity training helps staff recognize phishing attempts, avoid downloading malicious attachments, and understand protocols for reporting suspicious activity, reducing the likelihood of successful extortion attempts.


How can healthcare organizations effectively communicate with patients and stakeholders during a cyber extortion incident?

Clear communication channels should be established in advance to inform patients, staff, and stakeholders about the incident, steps being taken to mitigate it, and any potential impact on services or data.


What legal and ethical considerations should healthcare organizations keep in mind when responding to cyber extortion demands?

Organizations must balance legal obligations to protect patient information with ethical considerations regarding the payment of ransoms, seeking legal counsel to work through compliance and confidentiality concerns.



