7 reasons why healthcare and pharmaceuticals providers are so susceptible to ransomware and data loss in 2022 blog card

7 reasons why healthcare and pharmaceuticals providers are susceptible to ransomware and data loss

Healthcare and pharmaceuticals are two industries relentlessly targeted by cybercriminals. And to rub salt in the wound, cyberattacks on these industries are also the most expensive. IBM found that the average cost of attacks in healthcare totaled $7.13 million in 2020 and $9.23 million in 2021. But there’s a more sinister – and human – cost of cyberattacks on healthcare, and consequences of attacks like ransomware can often spell life-and-death.

But what makes these industries so appealing to hackers, attackers, and cybercriminals to begin with? In this blog, we explore 7 reasons why healthcare and pharmaceuticals providers are so prone to ransomware and data loss in 2022.

1 Healthcare and pharmaceuticals organizations store very sensitive data 

Protected health information (PHI), medical history and records, and a plethora of personally identifiable data (PII) are all stored within healthcare IT systems. This is well-known to cybercriminals, and so makes organizations within these industries a prime target for cybercriminals looking either to harvest data and credentials, access finances, or encrypt systems and demand a ransom. 

2 The healthcare and pharmaceuticals industries are rapidly digitizing

The use of electronic health records (EHRs) and electronic public health information (ePHI) has only accelerated due to COVID-19. In 2020 the UK National Health Service (NHS) estimated the cost of their updated digital transformation strategy to be £8.1bn alone. What’s more, 55% of patients would share their information digitally if this reduced costs. With this increase in data being held digitally, plus a plethora of medical devices now comprising the vast Internet of Things (IoT), providers must ensure their digital infrastructures are properly protected. If they don’t, then this data is ripe for the picking.

3 Widespread attack surface and inadequate training

68% of cyberattacks start with a phishing email, 1 in 8 US citizens work in healthcare, and since November 2020 there’s been a 45% increase in the number of attacks seen against healthcare organizations. What’s more, research has found that 1 in 7 workers falls for a phishing email. Ultimately, a combination of fear-mongering, inadequate security awareness training, lack of protocol adoption, and widespread attack surface mean healthcare is the most breached industry and second most phished

4 Not enough investment in the right areas for cyber resilience 

Investing in cyber resilience and putting the fundamentals in place is key for preventing ransomware and other cyberattacks. But it’s been reported that just 22% of IT managers have confidence that their healthcare organization is allotting adequate funds to secure its IT systems. Email security doesn’t need to be difficult, and protocols like DMARC exist to keep businesses, data, and people secure.

5 No one dedicated to protecting against breaches

While there’s been 94% growth in the number of cybersecurity job listings in healthcare since 2013, Poneman found that 28% of respondents said no one person has overall responsibility for their organization’s risk management approach or strategy. If there’s no one role accountable for protecting infrastructure and data, then this creates instability that attackers can take advantage of.

6 Large supply chains and significant third-party outsourcing

Third-party outsourcing increases the attack surface, as it can be hard for healthcare providers to ensure their supply chain is implementing the proper protocols for protection. With outsourcing set to increase in healthcare this year, this risk will only increase too. For example, suppliers that are poorly protected could be open to impersonation, meaning phishing emails, fake invoices, and data requests are more likely. 

7 Legacy systems, outdated processes, and lack of preparedness

“The NHS health and care services are dependent on people, processes and information technology (IT) systems, and some of these IT systems are outdated and inefficient.” While this refers to the UK’s National Health Service, the story is the same for healthcare providers globally, creating ripe opportunities for cybercriminals to take advantage. What’s more, 75% of healthcare facilities were found to be unprepared when it came to responding to cyberattacks, another area that needs rapid improvement to avoid potentially devastating consequences.

DMARC is the first line of defense against phishing and ransomware

While we’ve focused on healthcare and pharmaceuticals in this blog, ultimately the same can be said for any industry that holds large amounts of sensitive data and hasn’t implemented the basic measures to protect it. The most essential and fundamental of these measures is DMARC.

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It’s an email security and authentication protocol that protects domains against exact impersonation. Essentially, it ringfences your domain and blocks hackers from being able to use it to impersonate your business and send phishing emails to your customers, employees, and supply chain.

Why not take the first steps towards better emails security by getting your free DMARC, SPF, and DKIM health check today?

Check email DMARC setup


Sabrina Evans

18 Feb. 2022



Recent Posts


Red Sift Recognized on Deloitte’s EMEA Fast 500™ List

Francesca Rünger-Field

We’re thrilled to share that Red Sift has been included in Deloitte’s 2023 EMEA Fast 500 list. This recognition stems from 389% revenue growth over three years, $54 million in Series B funding, acquiring ASM innovator Hardenize, and introducing the Red Sift Pulse Platform. Read the press release here. About the award The Deloitte Technology Fast…

Read more
Brand Protection

The vital role of cybersecurity for Nonprofits: A deep dive 

Sean Costigan

Save the Children, a beacon of hope and change, has been dedicated to improving the lives of children for over a century. Founded in London, it now has a presence in 29 nations, employing 844 staff members in the UK alone and engaging over 3600 formal volunteers. As charities and nonprofits like Save the…

Read more

Red Sift brings DMARC data to the SOC with new Cisco XDR…

Rebecca Warren

Today, we’re thrilled to announce that we’re extending our partnership by joining the Cisco Security Technical Alliance and integrating Red Sift OnDMARC with Cisco XDR. This integration builds on the Domain Protection partnership we announced in November 2023 to bring visibility of business email compromise into the SOC (security operations center). At release, Red…

Read more

Preventing certificate related violations in cybersecurity frameworks:  A guide to certificate monitoring…

Rebecca Warren

TLS is one of the most widely adopted security protocols in the world allowing for unprecedented levels of commerce across the internet.  At the core of the TLS protocol is TLS certificates. Organizations must deploy TLS certificates and corresponding private keys to their systems to provide them with unique identities that can be reliably…

Read more