Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and largest target for cybercriminals, healthcare is facing an increasing wave of cyberattacks. When a hospital’s systems are held hostage by ransomware, it’s not just data at risk — it’s the care of patients who depend on life-saving treatments. Imagine an attack that forces emergency care to halt, surgeries to be postponed, or a cancer patient’s private health information used for extortion. This is the reality healthcare faces as cybercriminals exploit people who need care. Healthcare accounted for 17.8% of all breach events and 18.2% of destructive ransomware events since 20121, surpassing other sectors like finance, government, and education.
This alarming rise in attacks makes one thing clear: poor cybersecurity hygiene is the root cause, and the consequences for failing to address these vulnerabilities are devastating. Organizations that neglect basic cybersecurity practices, like software patching and ensuring network safety, are leaving their systems exposed to malicious actors. More importantly, the risks aren’t just theoretical; they manifest in frequent breaches that cause real-world harm.
Healthcare’s vulnerabilities
While many industries suffer financial and reputational damage from cyberattacks, healthcare faces a much graver risk. Hackers know they’re not just targeting data or systems — they’re holding something far more precious in their hands: life itself. The healthcare sector is a uniquely vulnerable target for cybercriminals for several reasons. First, the industry’s reliance on interconnected systems that support everything from patient records to life-saving devices creates a broad attack surface. Additionally, healthcare systems often contain sensitive personal information, making them attractive targets for extortion and data theft.
In one example, the CommonSpirit Health ransomware attack in October 20241 resulted in hospitals having to delay medical procedures and redirect emergency care, significantly affecting patient safety​. Another concerning case was the breach of Fred Hutchinson Cancer Center in November 2024 where criminals extorted patients by threatening to release their private health information.
The vulnerabilities in healthcare systems are exacerbated by poor cybersecurity hygiene.
Understanding the correlation between hygiene and breach events
A thorough analysis of 1,454 destructive ransomware events between 2016 and 20232 provides crucial insights into the link between poor cybersecurity hygiene and the frequency of attacks. The findings show that organizations rated D or F have a 35 times higher frequency of destructive ransomware events compared to those with A ratings. This stark contrast underlines the importance of maintaining strong cybersecurity practices.
Criminals target systems with vulnerabilities in basic areas, such as unpatched software, unsafe network services, and unencrypted web communications​. These weaknesses provide easy entry points for attackers, allowing them to compromise critical systems and, ultimately, hold organizations hostage with ransomware.
Organizations with good cybersecurity hygiene — those that regularly patch vulnerabilities, secure their networks, and encrypt sensitive communications — are far less likely to experience breaches. However, many healthcare institutions fail to uphold these standards, making them prime targets for attackers.
Consequences of poor cybersecurity hygiene
In an environment where patient safety depends on the availability of health systems, the consequences of poor cybersecurity can be life-threatening. Destructive ransomware events, which encrypt systems and disable operations, pose significant risks. For hospitals, downtime can mean the difference between life and death for patients relying on critical care services.
The data highlights the consequences of neglecting basic cybersecurity practices. According to Mastercard, healthcare organizations with D or F ratings have 16.6x more breach events than organizations rated A1. These organizations not only expose themselves to more frequent attacks but also face more severe outcomes, such as the inability to deliver care during critical times.
How healthcare can improve its cybersecurity hygiene
Improving cybersecurity hygiene in healthcare is not just about responding to attacks; it’s about proactively addressing vulnerabilities before they can be exploited. Here are key strategies that healthcare organizations can adopt:
1. Continuous monitoring
Cybersecurity hygiene must be continuously monitored. Organizations should conduct regular audits of their systems to identify vulnerabilities and implement fixes promptly. This includes monitoring third-party risks, as healthcare systems often integrate with external vendors whose security hygiene may not meet the required standards. Any third-party vendor who is connected to a healthcare system through a digital/internet connection poses a risk and must be assessed.
2. 24×7 security operations
With ransomware detonating at any time — including weekends and holidays — it’s critical for healthcare organizations to maintain 24×7 security operations2. In fact, 46% of ransomware attacks occur from Friday to Sunday2, a period when many organizations have reduced cybersecurity staffing. National holidays are another favorite for hackers and instead of decreased staffing, increased staffing is more prudent.
3. Third-party risk management
Given the interconnected nature of healthcare, third-party vendors are often a point of vulnerability. Cybercriminals target suppliers, partners, and other third-party entities that may have weaker cybersecurity defenses​. Healthcare organizations must scrutinize their suppliers’ cybersecurity hygiene, ensuring they meet high standards of protection and continuously monitoring them for potential vulnerabilities.
Vendors connected to third-party providers must also be assessed. While this sounds like a lot of work, the right solution can prioritize risks by identifying critical issues instead of lumping all threats together. The accuracy of reporting is key and it’s essential to act on risks efficiently by being able to share risk assessments and action plans with vendors easily.
4. Regular patching and encryption
Keeping software up-to-date is a basic but critical practice in cybersecurity. Healthcare organizations must prioritize patching software vulnerabilities and securing network services like Remote Desktop Protocol (RDP), which is frequently exploited by attackers. Moreover, ensuring that sensitive data is transmitted over secure, encrypted channels is vital to prevent unauthorized access.
5. Incident response and recovery planning
Preparation is key. Healthcare organizations must have well-developed incident response plans that are practiced and updated regularly. This includes backup strategies to ensure critical data and systems can be restored quickly in the event of a ransomware attack. Having these systems in place minimizes the operational downtime and mitigates the potential impact of a cyberattack.
Case study: How Mastercard Cybersecurity’s RiskRecon TPRM solution is making a difference
Mastercard’s RiskRecon TPRM solution is playing a pivotal role in improving cybersecurity hygiene across industries, including healthcare. Through continuous monitoring and detailed assessments of third-party risks, RiskRecon provides healthcare organizations with the insights they need to improve their security posture and mitigate risks.
By assigning A to F cybersecurity hygiene ratings across multiple domains, including software patching, network filtering, and web encryption, RiskRecon helps organizations identify their vulnerabilities and prioritize areas for improvement​. This proactive approach significantly reduces the likelihood of experiencing a breach or destructive ransomware event.
Moreover, the RiskRecon platform allows healthcare organizations to benchmark their security performance against industry peers, driving continuous improvement and accountability.
With Mastercard’s unique insight into the digital ecosystem, processing 143 billion transactions each year, the company offers exceptional accuracy in assessing and safeguarding digital environments.
The road ahead: Strengthening cybersecurity in healthcare
The growing threat of cyberattacks on the healthcare sector requires an urgent, coordinated response. Organizations cannot afford to wait for an attack before taking action; they must adopt a proactive stance on cybersecurity hygiene.
While the task may seem daunting, the data from Mastercard’s research makes it clear that good cybersecurity hygiene dramatically reduces the likelihood of a successful attack. Healthcare organizations need to invest in the right tools, practices, and partnerships to secure their systems and ensure they can continue to provide essential care without disruption.
Mastercard’s RiskRecon offers the solutions healthcare organizations need to improve their cybersecurity posture and protect their patients. By leveraging real-time assessments and detailed cybersecurity hygiene ratings, RiskRecon helps healthcare organizations and their suppliers mitigate risks and prevent ransomware attacks.
For more insights into how your organization can protect itself from ransomware, download the full ransomware report or request a demo to learn more about Mastercard Cybersecurity services.
- “Cybersecurity Hygiene of the Healthcare Sector – A case for mandatory benchmarking for performance improvement” January 16, 2024
- “The 2024 state of ransomware” April 2024