Ransomware attacks on the healthcare sector have risen by a third in 2024, with the US the prime target. Cybersecurity company Black Kite reports 374 incidents in the past year, a 32.16 percent rise in the number of attacks on the industry over 2023. Healthcare is now among the top targets for ransomware, surpassed only by manufacturing and professional services.
The rapid rise in ransomware attacks on the healthcare sector is the result of increasing ruthlessness on the part of ransomware gangs. Until relatively recently, some sectors, such as healthcare and education, were considered off-limits. According to Black Kite, if an affiliated criminal gang attacked a healthcare organization, the core ransomware group would frequently step in and apologize to the victim organization, sometimes even decrypting the ransomed data for free.
Today, however, ransomware groups are attacking not only large hospitals but also smaller facilities. Doctors’ offices account for 25 percent of healthcare ransomware incidents, while general medical hospitals account for 22 percent. Smaller healthcare providers, including dentists and outpatient centers, are also frequent targets.
According to Black Kite: “These organizations may lack robust security infrastructure, making them appealing, low-resistance targets for ransomware groups.”
Rise of the ‘black unicorns’
Black Kite attributes this change in ethics to the rise of a new breed of ruthless ransomware gangs, which it calls “black unicorns”. In business, the term ‘unicorn’ refers to a company, generally less than a decade old, that reaches a valuation of $1 billion or more.
“But there are also Dark Unicorns,” warns Black Kite. “Once seen as mischievous hackers working from basements, ransomware gangs have grown into highly organized, powerful entities within a multi-billion-dollar cybercrime ecosystem. Their ruthless tactics and extensive reach have transformed ransomware from isolated attacks to a lucrative industry on a global scale.”
Black Kite also lists the ‘dark unicorns’ most active in targeting the US healthcare sector. Everest leads, with 25 percent of its victims in healthcare. Other notable groups include INC Ransom (21.7 percent), Monti (20.8 percent), and Rhysida (18.5 percent). High-volume groups like INC Ransom and BianLian also have a strong healthcare focus, making them especially dangerous to the sector. Lower on the list, groups like Medusa (9.3 percent) and Abyss (9.1 percent) target healthcare less frequently but still contribute to its heightened risk profile.
“If you’re in the healthcare industry, your supply chain is likely filled with healthcare-focused vendors, each a potential entry point for ransomware attacks…. Staying vigilant about ransomware activity has never been more critical to safeguarding your organization—and your patients—from the devastating ripple effects of a breach,” advises Black Kite.