What hospitals are attacked by ransomware?

Ransomware attacks on hospitals and healthcare systems have been rapidly increasing over the past few years. These attacks encrypt important files and systems, essentially locking healthcare providers out of their own infrastructure until a ransom is paid. This can lead to dangerous care delays and patient safety issues. Understanding which hospitals have been impacted by ransomware can help the healthcare industry prepare defenses and responses.

How often do ransomware attacks on hospitals occur?

Ransomware attacks on the healthcare industry have risen significantly in recent years. According to research by cybersecurity firm Emsisoft, there were at least 102 ransomware attacks targeted at healthcare providers in 2019, up from 13 attacks in 2016. In 2020, attacks spiked even further to at least 560 major incidents. Hospitals and clinics made up around 88% of the ransomware attacks within the healthcare sector.

Experts believe ransomware attacks on the healthcare industry will continue to accelerate. The increasing digitization of healthcare operations provides more potential entry points for attackers. Additionally, many hospital systems lack updated cybersecurity measures and training to defend against modern ransomware campaigns, making them vulnerable targets.

What are some major recent hospital ransomware attacks?

Some of the largest and most disruptive ransomware attacks on hospital systems include:

  • In September 2020, a ransomware attack forced the shutdown of all 250 facilities of hospital chain Universal Health Services. Doctors and nurses had to revert to paper records, with the outage impairing care delivery for around two weeks.
  • In October 2020, three hospitals in Alabama and two hospitals in Arkansas belonging to the DCH Health System were hit by ransomware. Emergency patients had to be diverted to other hospitals.
  • In September 2021, some staff at St. Lawrence County Health System in New York were locked out of the network for almost a month due to a ransomware attack. Surgeries were postponed and ambulances diverted.
  • In 2021, Scripps Health system in California was forced to shut down networks across multiple hospitals due to ransomware. The outage disrupted care for weeks.

These represent just a fraction of the major ransomware incidents targeting hospitals and health systems in recent years. Unfortunately, successful attacks that lead to significant care disruptions are becoming increasingly common.

Which hospitals and health systems are high-risk targets?

Experts note that certain characteristics may make some hospitals and health systems more likely targets for ransomware campaigns:

  • Larger hospital networks: Multi-hospital chains offer more potential entry points across their facilities, and their consolidated IT networks allow an attack to cause maximum disruption.
  • Hospitals relying on legacy systems: Older, unpatched equipment and software that lack modern security features are more easily compromised.
  • Smaller/rural hospitals: These facilities often have limited IT budgets and cybersecurity expertise to defend against attacks.
  • Hospitals with poor backups: Without robust, isolated backups it’s impossible to restore systems without paying the ransom.

Ultimately, any hospital or medical facility that hasn’t implemented strong, regularly-updated cybersecurity measures across its digital infrastructure could be at risk. Attackers seek out the easiest targets.

Notable hospitals hit with cyberattacks and ransomware

Here is a list of some of the major hospitals, health systems, and medical facilities impacted by significant cyberattacks and ransomware campaigns in recent years:

| Hospital/Health System | Location | Date of Attack |
|---|---|---|
| Scripps Health | California | April 2021 |
| St. Lawrence County Health System | New York | September 2021 |
| Memorial Health System | Illinois | August 2021 |
| Coastal Health District | Georgia | July 2021 |
| Cape Fear Valley Health | North Carolina | May 2021 |
| Stanislaus County Health Services Agency | California | May 2021 |
| The University of Vermont Health Network | Vermont | October 2020 |
| Sky Lakes Medical Center | Oregon | October 2020 |
| Dickinson County Healthcare System | Michigan | October 2020 |
| Universal Health Services | National chain | September 2020 |

This table provides just a sample of the hundreds of healthcare organizations affected by ransomware over the past couple of years. Hospitals across the United States, both large chains and localized community facilities, have fallen victim to attacks.

Why do ransomware attackers target hospitals?

There are several key reasons why ransomware gangs are increasingly targeting hospitals, medical facilities, and public health agencies:

  • Essential services: Healthcare organizations provide critical, often life-saving care that cannot tolerate interruption. This gives attackers leverage to demand large ransoms.
  • Vulnerable systems: Many hospitals use outdated hardware and software vulnerable to cyberattacks. Their networks offer many entry points.
  • Valuable data: Medical records, patient data, and health research can fetch high prices on the dark web, adding incentive.
  • Budget constraints: Many healthcare providers have limited IT security budgets, lacking resources to prevent attacks.

In summary, healthcare organizations often present easy, profitable targets with little cybersecurity standing in the way. As long as hospitals remain underprepared, ransomware groups will likely continue victimizing the healthcare sector.

Do ransom payments lead to more hospital attacks?

Many cybersecurity experts warn that paying ransoms simply encourages further attacks. Ransomware is a business for these criminals, and payments send the message that the business model works. This may partly explain the snowballing ransomware rates in healthcare.

However, for hospitals paralyzed by attacks, there are no easy choices. With patient health and safety in jeopardy, many feel compelled to pay up, especially if cyber insurance covers some costs. Still, fines and lawsuits in the aftermath of an attack can easily exceed ransom demands.

How can hospitals better prevent ransomware attacks?

To reduce their ransomware risk, hospitals should focus on improving cybersecurity through measures like:

  • Implementing updated antivirus/antimalware tools on all devices and systems
  • Establishing stronger firewalls and network segmentation
  • Enforcing multifactor authentication for computer access
  • Developing and testing robust incident response plans
  • Backing up essential data offline and regularly testing restoration
  • Providing cybersecurity awareness training to all staff

Staying vigilant and continuing to adapt security to match evolving threats is key for healthcare organizations hoping to avoid crippling ransomware disruptions.


Ransomware has created an epidemic threatening healthcare infrastructure and patient wellbeing. Major hospital networks and small community facilities alike have fallen victim to attacks. Implementing stronger cybersecurity measures is critical for healthcare providers. Until the ransomware problem is better addressed, healthcare systems, medical records, and even patient lives will remain at risk.