Contact Us

Contact Us

Please get in touch using the form below

1000 characters left
View our privacy policy

A review of recent Kroll incident response cases has underlined the growing cyber security risk to the healthcare sector.

In this blog post, we briefly outline these findings and what organisations can do to defend themselves.

A security emergency

Healthcare institutions are currently under significant threat from ransomware gangs and nation state actors. Kroll’s findings mirror those of national cyber security agencies as multiple warnings were launched throughout 2022.

It is likely that attackers are attracted to healthcare because of the volume of confidential data held, particularly protected health information, as well as the critical risks posed by the disruption of business services.

In Q2 2022, Kroll observed a 90% increase in the number of healthcare organisations targeted, in comparison with Q1 2022. Ransomware helped to drive this rising threat at a time when services were undoubtedly under pressure due to COVID-19. The impact of ransomware on healthcare is not only disruptive and costly, as it is for all sectors, but also has the potential to put lives at risk.

Key threats

Some of the threats against healthcare observed by Kroll include:

  • Email compromise (36%)
  • Ransomware (31%)
  • Unauthorised access (28%)

While ransomware attacks do not top the list, they present a more severe risk than email compromise. This is because a successful ransomware attack could impact the ability to access data required for essential patient care. The majority of ransomware attacks in 2022 harnessed double extortion. This involves actors exfiltrating data prior to network encryption, then making threats to leak the stolen data as leverage during negotiations.

Six steps for healthcare organisations

For improved protection against ransomware, healthcare organisations should take the following security steps:

  1. Implement least privilege policies for data/system access
  2. Delete unused email addresses
  3. Implement and enforce strong password policies
  4. Use multifactor authentication
  5. Create, update, segregate and protect viable backups
  6. Allowlist safe applications


Read about Kroll's findings in more detail