Ransomware Cyberthreat Impacts Small Healthcare Businesses

We are frequently asked about the impact of ransomeware cyberthreats on healthcare businesses and small businesses in general. There are many types of cyberthreats but ransomware seems to be in the headlines more than others. Ransomware is a type of malicious software (malware) used to commit a cybercrime where hackers gain access to a system, shut it down, and demand a ransom (mostly made through cryptocurrency) to restore access. Users open the door to these attacks by viewing illicit emails, downloading infected applications, or visiting compromised websites.

In a past article, we referenced a statistic from Sophos Ltd that indicated healthcare organizations were the top target of ransomware attacks and the average cost was about $100,000 per affected organization.

A ransomware fact sheet was published by https://www.hhs.gov and offers helpful information about how HIPAA compliance can help protect healthcare businesses against ransomware and other cyber threats. Certainly, the advice given should be followed. However, even with strict adherence to HIPAA guidelines, healthcare organizations are frequently falling victim to attack.

Recent headlines and data speak to the need for healthcare organizations and small businesses to make sure their business network is protected with modern security standards and monitored closely for any signs of suspicious activity. Ransomware is only one of several cybercrimes that pose a threat.  Taking even small, basic steps to protect a business network can make all the difference as demonstrated by some of the recent incidents we’re highlighting below as examples.

Giant Data Breach Caused by Lack of Multifactor Authentication

United Healthcare paid a $22 million ransom payment in February 2024. The cause was found to be the simple lack of multifactor authentication that allowed the theft of a password

In a congressional hearing about the incident, UnitedHealth reported that a company they acquired had outdated technology in place and was the root cause of the attack. “Change Healthcare was a relatively older company with older technologies, which we had been working to upgrade since the acquisition,” … “But for some reason, which we continue to investigate, this particular server did not have MFA on it.”  

Small Business Cyberattack Stats

Small businesses are targets of ransomware and other cybercrimes but may not make the headlines in the same way as large organizations. These recent figures point to the reality of the threat:

  • “Companies with fewer than 500 employees saw a 13.4% increase in average losses resulting from data breaches.
  • Companies with 500 to 1,000 employees saw an increase in average losses of 21.4%, while those with 1,001 to 5,000 employees also saw a rise of close to 20%.” USA Today March 2024

Small Businesses Cybersecurity Misconceptions

It is common for small businesses to put off addressing their cybersecurity measures due to misconceptions. Many mistakenly believe they are too small to be of interest to hackers, or all that’s needed is an insurance policy to cover any losses. Maybe the biggest reason small businesses aren’t doing all they can to protect themselves from cyber-attack is money.  According to National Cybersecurity Alliance, “One of the most prevalent misconceptions is that cybersecurity necessitates a financial commitment that’s beyond the reach of small and medium-sized businesses.”  

Peace of Mind Against Cyber Attacks for Small Businesses

At a minimum, small businesses should use managed IT services that are affordable and tailored to fit specific needs instead of relying on in-house employees who are being tasked with other responsibilities. With the surge of growth in artificial intelligence, keeping up with technical vulnerabilities in any size organization has outpaced a casual approach.  Take steps today to protect your business.


download how to embed cybersecurity into your organization


You May Also Like…


Submit a Comment

Your email address will not be published. Required fields are marked *