From the ’80s to Now: Ransomware Involves Trust
Healthcare has been a target of ransomware since ransomware began: The first known ransomware attack involved sending a Trojan virus on a floppy disk to AIDS researchers in 1989. The sender was a fellow researcher, so those who received the disk had no reason to doubt its contents.
When we think of defending against a cyberattack, we often think of it the way we think of protecting our homes: Securing a perimeter, installing dead bolts and making sure nothing from the outside gets in. But what’s really concerning is when the threat actors know how to get past your four walls without setting off any alarms. That’s what makes advanced persistent threats a serious concern.
When training employees to respond to such threats, healthcare is a particularly tricky industry because it requires trust to deliver high-quality care. You want the people working within your organization to be caring, trustworthy and ready to help others. For malicious actors, those are the traits they want to exploit.
That is what makes cybersecurity training and education in healthcare especially challenging: First, organizations may not have updated training to address more recent and emerging threats, and second, you can’t train healthcare professionals to be unhelpful and mistrusting. It may be useful to have role-based security training; for example, help desk employees should be more familiar with the personnel or roles in clinical departments so that when they receive a password change request from an oncologist claiming to be onsite at the emergency department, they would know it’s an unusual ask.
Generative artificial intelligence has also become more prevalent as a tool for threat actors. Malicious organizations have even made their own toolkits widely available for others who want to launch APT attacks.
Back to Basics With Security
Providers are becoming more savvy with foundational elements of security, focusing on building core cybersecurity programs. There are more CISOs in healthcare, and more professionals are ready to take on similar roles. There has been a noticeable shift in the industry, and now more organizations are familiar with how to tighten up their perimeter defenses.
Cyber resilience has been another area of focus. Organizations should train their teams to act as if they’re always at risk of compromise, because that’s the best way to test their resilience, identify where the gaps are and then implement effective solutions for rapid recovery. All providers will get hit at some point, so it is essential for them to maintain both robust layered defenses and efficient recovery plans.
To remain informed about emerging security threats, healthcare security professionals require ongoing training and education. Security operations center staffers have a lot on their plates, but increased automation within their workflows would give them time to renew their knowledge. Organizations need their security teams to be laser-focused and up to date on protecting their environment, because any disruptions to patient care could have serious consequences. A patient suffering a stroke cannot be met by a care team compromised by a ransomware attack. The ability to fail over to another communication platform and implement other contingency measures is incredibly important. Prioritizing resilience becomes top of mind when trying to prevent a catastrophe.
Connected medical devices are yet another area of concern for security. There are many devices linked to clinical workflows, yet most of them basically operate like a black box. Once data enters, it's difficult to see how the gears move inside because of proprietary industry and manufacturer trade secrets. And while it may seem as if they have protective measures in place, such devices can connect to networks without an organization having full insight into their security status. Gaining that visibility and isolating those devices will help providers as they try to manage their complex environments.
Last, healthcare organizations need to get better at sharing their ransomware experiences with each other. Talk about how it started, what was done to remedy the situation and what can be done to prevent it. If we’re going to improve as an industry, we need to share our experiences so that we can better identify APTs, the indicators of compromise and other elements of exposure so that all providers know how to identify, prevent and protect against these long-term, targeted cyberattacks.
This article is part of HealthTech’s MonITor blog series.

