7 reasons why healthcare and pharmaceuticals providers are so susceptible to ransomware and data loss in 2022 blog card

7 reasons why healthcare and pharmaceuticals providers are susceptible to ransomware and data loss

Healthcare and pharmaceuticals are two industries relentlessly targeted by cybercriminals. And to rub salt in the wound, cyberattacks on these industries are also the most expensive. IBM found that the average cost of attacks in healthcare totaled $7.13 million in 2020 and $9.23 million in 2021. But there’s a more sinister – and human – cost of cyberattacks on healthcare, and consequences of attacks like ransomware can often spell life-and-death.

But what makes these industries so appealing to hackers, attackers, and cybercriminals to begin with? In this blog, we explore 7 reasons why healthcare and pharmaceuticals providers are so prone to ransomware and data loss in 2022.

1 Healthcare and pharmaceuticals organizations store very sensitive data 

Protected health information (PHI), medical history and records, and a plethora of personally identifiable data (PII) are all stored within healthcare IT systems. This is well-known to cybercriminals, and so makes organizations within these industries a prime target for cybercriminals looking either to harvest data and credentials, access finances, or encrypt systems and demand a ransom. 

2 The healthcare and pharmaceuticals industries are rapidly digitizing

The use of electronic health records (EHRs) and electronic public health information (ePHI) has only accelerated due to COVID-19. In 2020 the UK National Health Service (NHS) estimated the cost of their updated digital transformation strategy to be £8.1bn alone. What’s more, 55% of patients would share their information digitally if this reduced costs. With this increase in data being held digitally, plus a plethora of medical devices now comprising the vast Internet of Things (IoT), providers must ensure their digital infrastructures are properly protected. If they don’t, then this data is ripe for the picking.

3 Widespread attack surface and inadequate training

68% of cyberattacks start with a phishing email, 1 in 8 US citizens work in healthcare, and since November 2020 there’s been a 45% increase in the number of attacks seen against healthcare organizations. What’s more, research has found that 1 in 7 workers falls for a phishing email. Ultimately, a combination of fear-mongering, inadequate security awareness training, lack of protocol adoption, and widespread attack surface mean healthcare is the most breached industry and second most phished

4 Not enough investment in the right areas for cyber resilience 

Investing in cyber resilience and putting the fundamentals in place is key for preventing ransomware and other cyberattacks. But it’s been reported that just 22% of IT managers have confidence that their healthcare organization is allotting adequate funds to secure its IT systems. Email security doesn’t need to be difficult, and protocols like DMARC exist to keep businesses, data, and people secure.

5 No one dedicated to protecting against breaches

While there’s been 94% growth in the number of cybersecurity job listings in healthcare since 2013, Poneman found that 28% of respondents said no one person has overall responsibility for their organization’s risk management approach or strategy. If there’s no one role accountable for protecting infrastructure and data, then this creates instability that attackers can take advantage of.

6 Large supply chains and significant third-party outsourcing

Third-party outsourcing increases the attack surface, as it can be hard for healthcare providers to ensure their supply chain is implementing the proper protocols for protection. With outsourcing set to increase in healthcare this year, this risk will only increase too. For example, suppliers that are poorly protected could be open to impersonation, meaning phishing emails, fake invoices, and data requests are more likely. 

7 Legacy systems, outdated processes, and lack of preparedness

“The NHS health and care services are dependent on people, processes and information technology (IT) systems, and some of these IT systems are outdated and inefficient.” While this refers to the UK’s National Health Service, the story is the same for healthcare providers globally, creating ripe opportunities for cybercriminals to take advantage. What’s more, 75% of healthcare facilities were found to be unprepared when it came to responding to cyberattacks, another area that needs rapid improvement to avoid potentially devastating consequences.

DMARC is the first line of defense against phishing and ransomware

While we’ve focused on healthcare and pharmaceuticals in this blog, ultimately the same can be said for any industry that holds large amounts of sensitive data and hasn’t implemented the basic measures to protect it. The most essential and fundamental of these measures is DMARC.

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It’s an email security and authentication protocol that protects domains against exact impersonation. Essentially, it ringfences your domain and blocks hackers from being able to use it to impersonate your business and send phishing emails to your customers, employees, and supply chain.

Why not take the first steps towards better emails security by getting your free DMARC, SPF, and DKIM health check today?

Check email DMARC setup

PUBLISHED BY

Sabrina Evans

18 Feb. 2022

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Certificates

TLS certificates are changing: What you need to know

Red Sift

Executive summary: TLS certificates are about to get significantly shorter-lived. Starting 15 March 2026, newly issued public-trust certificates will max out at 200 days—and just three years later, that lifespan drops to 47 days. Backed by Google, Apple, and Mozilla, this shift aims to make the web safer through fresher data, faster failover, and…

Read more
DKIM

The hidden threat: How misconfigured DKIM enables replay attacks

Red Sift

Email authentication isn’t just an IT concern. It protects your brand and customers. A single misstep can let attackers spoof your domain, send phishing emails, and destroy customer trust. One of the most dangerous methods? The DKIM replay attack. In this post, we’ll break down how undersigned DKIM keys and related misconfigurations open your…

Read more
BIMI

Why DMARC and BIMI are a business priority

Jack Lilley

Email threats aren’t slowing down, and neither should your authentication strategy. In our recent joint webinar with Marigold, “From DMARC to BIMI: Navigating the New Email Authorization Landscape,” we broke down what today’s evolving standards mean for both security and marketing teams—and how to take action now with our free Red Sift Investigate tool.…

Read more
ASM

Zoom stops zooming: Why active monitoring is essential

Billy McDiarmid

​On April 16, 2025, Zoom experienced a significant global outage that disrupted video conferencing services and access to its website for thousands of users, as well as their corporate email for all their employees. It was quickly identified as a domain name registration status problem. Despite being a critical name for Zoom, somehow, the…

Read more