In 2024, 32% of all cyber-attacks recorded were ransomware attacks…
By Scott Ashton, CISSP, CISM | The Fowler Group, LLC | March 2026
Ransomware continues to be one of the most prevalent cyber threats facing organizations of all types. For the 12th straight year, the healthcare sector leads all other verticals in the cost of recovery from cybersecurity incidents.
The reasons for the sustained popularity of these attacks among the bad guys looking to take your money are simple:
- Ransomware attacks are straightforward to execute, and an entire ecosystem of ransomware-as-a-service (RaaS) tools has emerged over the last 5-7 years.
- A successful ransomware attack doesn’t require a skilled, nation-state-grade hacker to execute. All you need is access to the “dark web” and a couple hundred bucks.
- Ransomware attacks scale well. An attacker can execute multiple campaigns at once.
Ransomware attacks aren’t going anywhere…they’re evolving…
Probably the greatest factor in why ransomware attacks continue to be successful, however, is that organizations continue to fall prey to these attacks, some multiple times. Ransomware attacks are literally a slot machine that never stops paying off. In response to the prevalence of these damaging attacks, many organizations bolstered their data backup strategies, reducing the time and effort required to reconstruct systems and ensuring that critical data remained preserved. Not missing a beat, the attackers adjusted their business model. Instead of merely locking up data through encryption, they steal as much data as they can before making the data unavailable. We refer to these attacks as data extortion attacks, and it turns out that they’re even easier to execute than data encryption attacks, often flying under the radar until it’s too late.
What’s in a statistic?
During a recent conversation with a senior leader of a mid-sized health system, I was taken to task for a commonly cited statistic: the average cost of a data breach in healthcare is $7.42M. The point of contention surprised me. It wasn’t that the average of $7.42M was inflated; it was that it was too low. This organization had suffered a ransomware attack that, when all was said and done, cost them $30M. I pointed out that $7.42M was the average across all types of healthcare concerns. And, not shockingly, I had a real-life example. About six months ago I had to have a root canal. The endodontist performing the work was a partner in the practice and happened to be quite the conversationalist. When he found out that I worked in cybersecurity, he told me of the ransomware attack that his practice had suffered earlier in the year. He estimated it cost their practice $150K between remediation and lost appointments.
That $150K was as significant to the small endodontics practice as the $30M was to the mid-sized health system. What would a day of downtime cost your organization?
Patient care is at stake
As much concern as there is related to regulatory exposure and class action litigation, the thing that concerns me the most is the potential for compromising patient care and safety. From the operating room to the dentist’s chair, patient care modalities are exposed to ransomware threats through their connection to an organization’s networks. Savvy attackers pick their targets knowing that disruptions to patient care can have severe, if not catastrophic, consequences. A University of Minnesota review of Medicare outcomes demonstrated a 33 – 41% increase in mortality among patients already admitted when ransomware attacks occurred. While cybersecurity insurance coverage may defray some of the costs associated with an incident, it can’t restore your good name or the faith the community loses in your reputation.
An ounce of prevention, a pound of protection
Protecting against ransomware, like any other threat, requires a layered, holistic approach to the problem. While prevention plays a role, the overall goal is to mitigate the impact of an attack, implementing a layered defense that significantly reduces the exposure of an organization’s systems and data to an attacker.
A programmatic approach supported by stakeholders that:
- Is risk-based with quantified loss metrics.
  - What does an hour, a day, a month of downtime cost?
  - The average downtime for healthcare organizations in 2024 was 18 days.
- Is well documented, assigning responsibilities and establishing policy.
- Implements the right combination of technologies and technical controls.
- Educates the user community about the threats facing the organization and empowers them with tools to report and respond.
- Evolves as threats evolve.
- Aligns with relevant regulatory requirements.
This approach scales. You don’t have to be a large organization with a dedicated security team; solo practices can adopt the above approach as well.