Ransomware, Malware, Threat Intelligence

Cyberattacks targeting medical organizations up 32% in 2024

Attacks targeting medical organizations have reached record levels.

Security provider Black Kite said in a new report that between the 2023 and 2024 calendar years, malware in the medical sector grew by 32%, far outpacing other sectors and industries.

According to the Black Kite research, which draws on both public data and its own internal customer statistics, 1 in 10 ransomware incidents now occurs at a medical organization, though not every one of the incidents involved patient records.

This makes healthcare the third most commonly targeted industry for ransomware attacks, behind manufacturing and technical services providers.

The increase in attacks is not due to carelessness by the organizations themselves. In fact, Black Kite said its own internal records found that medical organizations on average were achieving significantly better security assessment scores than in previous years.

Rather, it is believed that ransomware operators see medical organizations as being a more attractive target with a better potential payout. This is in part due to the high levels of attention afforded to data breach incidents at medical organizations.

“The tipping point for ransomware’s focus on healthcare came with the high-profile Change Healthcare attack,” the Black Kite researchers explained.

“This incident marked a breaking point in the ransomware ecosystem, exposing vulnerabilities in the traditional group-affiliate structure and driving the shift to more aggressive, affiliate-dominated models.”

Also blamed for the rise in attacks was the emergence of newer ransomware operators.

Whereas older cybercrime gangs had considered healthcare organizations to be off limits for attacks, this new generation of cybercrime operators has no such qualms about targeting them, with smaller, less guarded healthcare organizations being a particularly popular target.

“Healthcare’s ethical responsibility to ensure patient care raises the stakes, often compelling healthcare organizations to pay ransoms to avoid life-threatening disruptions,” the Black Kite team noted in its report.

“This ethical duty to maintain life-saving operations is a key factor that distinguishes healthcare from other sectors in the ransomware landscape.”

More malware payloads, more aggressive ransom demands

Across all sectors, the Black Kite team noted one emerging trend: more malware payloads are being hidden within embedded systems and supply chains. The researchers also said ransomware criminals are taking a hardline stance on their ransom demands rather than engaging in negotiations with victim organizations.

“In recent years, ransomware groups have refined their tactics to maximize efficiency, evade law enforcement, and increase their chances of securing ransoms,” Black Kite explained.

“This shift in both tactics and target criteria has made ransomware attacks more frequent, unpredictable, and strategically devastating, creating new challenges for industries, especially healthcare.”

Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.
