Skip to content
11:11 Systems
The Resilient Cloud Platform
11:11 Systems11:11 Systems
  • Why 11:11
    • Submenu
      • Column 1
        • 11:11 Systems Consulting
          Consulting Services
          Global Regions
          Cloud Regions
          11:11 Systems Security
          Security

      • Column 2
        • Cloud Console
          Cloud Console
          Catalyst
          Planning and Assessment
          Compliance
          Compliance

      • WHY CHOOSE 11:11
      • Overview
      • Leadership
      • News & Media
      • ESG Program
      •  
      • Careers
      • Technology Partners
      • Customer Stories
      • Innovation Blog
  • Products & Services
    • Products & Services

        • Cloud Overview
        • Managed Public Cloud
        • Private Cloud
        • Object Storage
        • Cloud Labs
        • Flexible Cloud Environment/Colocation
        • AWS Solutions
        • Managed OS Services
        • Managed DB Services

        Infrastructure as a Service

        Take a 30-day free trial of 11:11 Cloud.

        Cloud hosting built for your business.
        START FREE TRIAL
        REQUEST A QUOTE

        • Backup Overview
        • Veeam Backup
        • Microsoft 365 Backup
        • Managed Backup for Cohesity
        • Cyber Vault
        • Data Protection Services
        Backup as a Service

        11:11 Cloud Backup

        Protect your data wherever it lives.
        REQUEST A QUOTE
        REQUEST A DEMO

        • DRaaS Overview
        • DRaaS for Veeam
        • DRaaS for Zerto
        • DRaaS for Azure
        • DRaaS for Cohesity
        • Managed Recovery
        • Cloud Recovery
        • Cyber Recovery Platform
        • Infrastructure Recovery
        • Continuity Consulting Services
        • Disaster Recovery Consulting
        Disaster Recovery

        5TB 30Day Free Trial of DRaaS for Veeam

        Protect your business-critical workloads and reduce recovery time with the Leader in Disaster Recovery.
        START FREE TRIAL
        LEARN MORE

        • Security Overview
        • Continuous Risk Scanning
        • Managed Detection and Response
        • Managed SIEM
        • Managed EDR
        • Managed Firewall
        • Application and Zero Trust Services
        Security Services

        Take the first steps toward cyber resilience.

        Download our white paper and learn how to stay ahead of threats.
        REQUEST A QUOTE
        DOWNLOAD NOW

        • Networking Overview
        • SD-WAN
        • Managed Connectivity for AWS Direct Connect
        • Multi-Cloud Connect
        • Network Consulting Services
        Connectivity Services

        Transform your network.

        Take your infrastructure and performance to the next level.
        REQUEST A QUOTE
        WATCH VIDEO
  • Solutions
    • Solutions Submenu
      • INDUSTRY
      • Education
      • Financial
      • Government
      • Healthcare
    • Solutions Business Objective Submenu
      • BUSINESS OBJECTIVE
      • Cyber Resilience
      • Modernize
      • Protect
  • Partners
    • Partners Submenu
      • Overview
      • Become a Partner
      • Partner Portals
  • Resources
    • Resources Submenu
      • Events
      • Webinars
      • News & Media
      • White Papers
      • Podcast
      • Data Sheets
      • Customer Stories
      • Innovation Blog
  • Support
    • Support Submenu
      • Contact Support
      • Product Documentation
      • API Documentation
Search:
  • Login
  • Contact
Header Right Menu
Free Trial
  • Why 11:11
    • Consulting Services
    • Cloud Console
    • Cloud Regions
    • Planning and Assessment
    • Security
    • Compliance
    • WHY CHOOSE 11:11
    • Overview
    • Leadership
    • News & Media
    • ESG Program
    • Careers
    • Technology Partners
    • Customer Stories
    • Blog
  • Products & Services
    • CLOUD
    • Cloud Overview
    • Managed Public Cloud
    • Private Cloud
    • Object Storage
    • Cloud Labs
    • Flexible Cloud Environment/Colocation
    • AWS Solutions
    • Managed OS Services
    • Managed DB Services
    • BACKUP
    • Backup Overview
    • Veeam Backup
    • Microsoft 365 Backup
    • Managed Backup for Cohesity
    • Cyber Vault
    • Data Protection Services
    • DISASTER RECOVERY
    • DRaaS Overview
    • DRaaS for Veeam
    • DRaaS for Zerto
    • DRaaS for Azure
    • DRaaS for Cohesity
    • Managed Recovery
    • Cloud Recovery
    • Cyber Recovery Platform
    • Infrastructure Recovery Services
    • Continuity Consulting
    • Disaster Recovery Consulting
    • SECURITY
    • Security Overview
    • Continuous Risk Scanning
    • Managed Detection and Response
    • Managed SIEM
    • Managed EDR
    • Managed Firewall
    • Application and Zero Trust Services
    • NETWORK
    • Network Overview
    • SD-WAN
    • Managed Connectivity for AWS Direct Connect
    • Multi Cloud Connect
    • Managed IP
  • Solutions
    • INDUSTRY
    • Education
    • Financial
    • Government
    • Healthcare
    • BUSINESS OBJECTIVE
    • Cyber Resilience
    • Modernize
    • Protect
  • Partners
    • Overview
    • Become a Partner
    • Partner Portals
  • Resources
    • Events
    • Webinars
    • News & Media
    • Whitepapers
    • Podcast
    • Datasheets
    • Customer Stories
    • Innovation Blog
  • Support
    • Contact Support
    • Product Documentation
    • API Documentation
  • Contact
  • Login
  • Free Trial
Tags: HealthcareCyberSecurity Awareness MonthCybercrimeRansomware
Author: James Costanzo
Date: October 17, 2023

Healthcare Systems Remain Prime Target for Cybercriminals

In mid-August, state officials in Connecticut began receiving worrisome complaints from constituents about a potentially dire situation unfolding at local hospitals.

One such message, from a woman on Facebook, relayed a desperate plea for help on behalf of her 71-year-old father, who, she claimed, had spent the last two days on a gurney in an emergency room hallway. The picture she painted — one that quicky caught the attention of state representatives and the state Department of Public Health — bordered on post-apocalyptic: an overrun department with doctors, nurses, and staff stretched beyond their capacity and patients unable to receive the attention or medication they needed.

Without enough rooms or beds to go around, patients on gurneys littered the hallways with some forced to sit on the floor. For many, including the woman’s father, who had been rushed to the hospital via ambulance with a broken hip, treatment was either delayed, inadequate, or both. Patients waited for days to be admitted, languishing in pain and without recourse.

“My dad was in the hallway of the ER for two days before he got a bed and there were so many people sitting on the floor and waiting for hours,” the woman wrote, searching for someone — anyone — with the ability to help. “Could there be any solutions to help this situation, like the National Guard or anything?”

INSIDE A RANSOMWARE NIGHTMARE

 On the morning of August 3, 2023, a single ransomware attack crippled one of the nation’s largest healthcare networks, compromising the personal data of more than 190,000 individuals and interrupting patient care across five states. Upon noticing the breach, Prospect Medical Holdings — a for-profit medical holdings company that owns 16 hospitals and 165 outpatient facilities in California, Connecticut, Pennsylvania, Rhode Island, and Texas — quickly shut down its clinical operation services and took its IT systems offline.

It would take more than six weeks to restore them.

Shortly after the breach, the ransomware gang known as Rhysida claimed responsibility, alleging, in a listing on the dark web, to have stolen more than 500,000 Social Security numbers and photocopies of employees’ driver’s licenses and passports, along with other legal and financial documents. The veracity of that claim remains in question, but only in a splitting-hairs-kind-of-way. There’s no way around it, Prospect got pillaged. In a recent filing with the Office of the Maine Attorney General, it disclosed that the breach compromised the sensitive personal information of at least 190,492 individuals, including employees and patients.

While some pressing postmortem questions still remain — including exactly how Rhysida was able to infiltrate Prospect’s network (phishing attacks and Cobalt Strike malware are suspected) or if a ransom payment was, indeed, exchanged — one thing is clear: The reason why Prospect, and other healthcare organizations, are (and will continue to be) prime targets for this sort of attack.

The answer, as you’ll see, is, well, disheartening.

HEALTHCARE AND THE TARGET ON ITS BACK

Nearly three weeks before Rhysida claimed responsibility for the Prospect breach, the Department of Health and Human Services (HHS) issued a worldwide alert about the gang, claiming they were behind a string of recent attacks against other healthcare organizations. It was one of 13 threat alerts and nine briefs the HHS has issued so far in 2023 — a reflection of healthcare’s perpetual, ever-evolving battle with cybercrime.

Given the sheer volume of threats bearing down on today’s IT professionals and the rate at which new malicious actors pop up (with Rhysida being among the youngest, emerging in May 2023), it’s easy to see how notices like this can fall through the cracks, or simply be issued too late. For example, a recent report from Bloomberg noted that cyberattacks on hospitals in the United States have more than tripled over the last five years, putting immense pressure on an industry still struggling to recover from the COVID-19 pandemic.

In late June — more than a month before the attack on Prospect — John Riggi, the national advisor for cybersecurity and risk at the American Hospital Association, reported that health facilities had been hit with 226 digital incursions so far this year, impacting more than 36 million people. All told, healthcare organizations in the United States have suffered 5,478 data breaches since 2009, according to research done by Comparitech. By their estimates, these breaches have compromised nearly 423 million medical records and cost healthcare organizations over $39 billion from 2017 to July 2023 alone.

The unfortunate truth is, healthcare providers around the world have been plagued by cybercrime for decades now, with hackers aiming to exploit the high-stakes nature of their work for big payouts. Way back in 2016 — an IT eternity — Wired Magazine branded hospitals as the “perfect target” for cyberattacks like ransomware, an assertation that has not only proven to be true, but one that continues to snowball in the wrong direction.

According to the 2023 Cost of a Data Breach Report by IBM Security, cybercrime hits healthcare harder than any other industry. In 2022, the average healthcare breach cost $11 million, nearly double that of finance, the next-highest sector, at $5.9 million. But this is nothing new. Healthcare has held down the top spot in IBM’s report for 13 straight years. The more concerning trend is that healthcare has seen a 53 percent increase in the average cost per data breach since 2020. By comparison, the global average cost per breach across all sectors increased by just 15 percent over the same span.

BUT WHY?

It’s no secret that cybercrime, especially ransomware, is on the rise. This isn’t because tech-savvy troublemakers think it a fun hobby. It’s because it’s profitable — aggressively so.

Case in point: Cybercrime will cost the world an estimated $8 trillion USD in 2023 and as much as $10.5 trillion by 2025, according to Cybersecurity Ventures. By 2031, Cybersecurity Ventures expects the global cost of ransomware, the fastest-growing type of cybercrime, to exceed $265 billion. If measured as a country, the total damages pinned on cybercrime this year would account for the world’s third-largest economy, behind only the United States and China. Business, as they say, is booming.

But Healthcare, more than any other sector, is under siege. Why?

The answer is as unsurprising as it is simple. Just follow the money. While each cyberattack (and attacker) is unique, their endgame clearly isn’t: financial gain by any means necessary. And, unfortunately for those in healthcare, no other industry has consistently provided cybercriminals with more bang for their buck.

There are a few specific reasons why healthcare has proven particularly profitable for cybercriminals. First, healthcare systems are more likely to contain information with a higher “street value” than your average organization, such as patients’ protected health information and other valuable financial and personally identifying records. In fact, according to Riggi, stolen health records may sell up to 10 times higher than stolen credit card numbers on the dark web.

Additionally, healthcare providers are uniquely vulnerable to infiltration, with larger than average “attack surfaces,” or weak points for malicious actors to exploit. This is due to several inherent industry hazards, including third-party vendors, patient data practices, connected medical devices, supply chain issues, and outdated systems or software.

In the wake of the attack on Prospect, Riggi explained exactly this to The New York Times, saying:

“We’re relying more on cloud-based services, remote third parties. So, all of these things are done with good intention — ultimately to improve patient care and to save lives. But the unintended consequence of this is that it has expanded dramatically our digital attack surface.”

The final, and most insidious factor, is that cybercriminals tend to view healthcare providers as “soft targets.” In a recent blog post on cybercrime and healthcare, Soma Kancherla, senior solutions architect at VMware, explains what this means and why it makes cybercriminals so dangerous. He argues that, since cybercriminals know healthcare providers have a responsibility to keep patients alive and well, they are much more likely to receive consistent ransom payments. Basically, they are willing to exploit the very nature of healthcare as a weakness.

Like I said, disheartening.

THE TRUE COST OF CYBERCRIME

It’s been over two months since the Prospect ransomware attack, and it may take years, still, to fully realize the extent of the damage, both to its bottom line and its reputation. The immediate consequences, however, were dire: emergency rooms closed, ambulances diverted, and clinicians forced to revert to pen and paper processes.

The Connecticut Mirror recently published an in-depth accounting of the entire six-week ordeal, laying out in grim detail what life was like for patients, doctors, nurses, staff, and state officials as they scrambled to keep three local Prospect-owned hospitals running after the breach. According to their reporting, the effected hospitals and affiliated medical offices had to cancel nearly half of their elective procedures and at times couldn’t process X-rays or CT scans that are vital for treating potential stroke or heart attack victims.

Manchester Memorial Hospital was so crippled by the attack, according to the CT Mirror, that officials notified emergency services in eastern Connecticut they could not take patients, forcing crews to divert people to hospitals as far away as Massachusetts. And, at one point in August, state officials were so concerned about staffing issues at Waterbury Hospital they considered activating the volunteer Medical Reserve Corps, which had previously been done only during the height of COVID.

Cyberattacks on hospitals have been know to wreak such devastation that, recently, a team of researchers at UC San Diego concluded they “should be considered a regional disaster.” According to their research, which documented a ransomware attack on a neighboring hospital in 2021, the number of confirmed strokes nearly doubled in the wake of the breach, as did the number of patients who left altogether without seeing a doctor. The authors also found that, compared to the weeks prior, the hospital had nearly 600 additional patients waiting in the ER with the staff experiencing “serious resource constraints.”

Riggi agrees with this assessment, recently telling Chief Healthcare Executive:

“These are threat-to-life crimes. These are not data crimes. These are not white-collar crimes. And the adversaries have to understand, when we are diverting ambulances with stroke, heart attack and trauma patients, people’s lives are at risk.”

This is the rotten core at the center of it all. The fact is, when cybercriminals target healthcare systems, they are purposefully and willingly putting lives at risk. They do not consider interruptions to patient care a flaw to be avoided, or even regrettable collateral damage. It’s a feature — one that earns them quicker, more consistent payouts.

The ruthlessness of this equation cannot be understated nor ignored.

For healthcare systems, the true cost of cybercrime is — or at least should be — expressed, not solely in terms of downtime, data corruption, and dollars lost, but primarily in terms of impact on patients care. When critical IT systems go down at a hospital, like in the case of Prospect, patient care is interrupted — often for extended periods of time — and human lives hang in the balance. However unpleasant, this is the story we need to be telling with consistency. Healthcare organizations must begin to fully understand what they’re up against.

As we’ve seen, and will continue to see, a single attack can negatively impact much more than just the livelihoods of healthcare executives. It can can permanently alter the very real lives of the patients who trust them. The woman whose elderly father had to wait for days on a gurney in an ER hallway, for example, is just one of many to get caught in the crossfire. She’s still searching for answers.

“I just felt bad that we couldn’t do more to help him, and we couldn’t do more to get him the comfort he needed,” she said. “You feel very powerless when there’s nothing you can do. You’re sort of at the mercy of what else is happening.”

Categories: Cybercrime, Ransomware, SecurityBy James CostanzoOctober 17, 2023
Tags: HealthcareCyberSecurity Awareness MonthCybercrimeRansomware

Author: James Costanzo

James Costanzo is a Product Marketing Manager and Content Strategist at 11:11 Systems. In this role, James helps to create 11:11’s product, communications, and customer reference messaging and content. A storyteller at heart, James worked in development and as a reporter for nearly a decade prior to joining 11:11 marketing. James graduated with a master’s degree in journalism from the S.I. Newhouse School of Public Communications at Syracuse University.

Post navigation

PreviousPrevious post:Put Cloud in the Fast Lane: Why SD-WANNextNext post:Healthcare IT: Improving Patient Care and Satisfaction with SD-WAN

Related Posts

Digital Operational Resilience Act (DORA)
Helping the Financial Sector Deliver Secure and Modern Infrastructure through Regulation
July 10, 2025
vulnerability management
A Modern Approach to Managing Vulnerabilities
May 30, 2025
Cyber Resilience
Data Protection vs. Cyber Resilience: Mastering Both in the Complex World of Gambling
May 27, 2025
ransomware attack, worst day
The Remedy Against Ransomware: Insights from Our April 2025 Webinar
May 19, 2025
Cyber Resilience
Reimagining Cyber Resilience in the Gambling Industry: A Strategic Imperative for the Digital Age
May 13, 2025
effective passwords
Creating Effective Password Policies in Your Organization
May 5, 2025
PRODUCTS & SERVICES
  • Cloud
  • Backup
  • Disaster Recovery
  • Managed Security
  • Network as a Service
  • Compliance
COMPANY
  • Why 11:11
  • Customer Stories
  • Careers
  • Leadership
  • Technology Partners
  • News & Media
  • Contact Support
CLOUD REGIONS
  • North America
  • EMEA
  • APAC
CONNECT
  • LinkedIn
  • X
  • Youtube

© 2025 11:11 Systems Inc., All Rights Reserved | Privacy Notice | Website Terms of Use |

Go to Top