Healthcare Sector Resilience Planning Against Ransomware Disruptions
Healthcare organizations are increasingly targeted by ransomware attacks that disrupt critical operations, including patient care, ambulance services, and business processes. Recent incidents, such as the ongoing recovery at Heywood Healthcare's community hospitals and the widespread impact of the Change Healthcare breach, have highlighted the sector's vulnerability to both direct and third-party cyberattacks. Experts emphasize that without robust business continuity and disaster recovery planning, healthcare providers risk significant operational paralysis and patient safety issues during such events.
To address these threats, industry leaders advocate for comprehensive resiliency strategies encompassing governance, IT architecture, and whole-business planning. These measures are essential for maintaining essential services and safeguarding patient care during cyber incidents. The healthcare sector is urged to adopt a mature cyber resilience model that ensures continuity of operations even when core systems or critical vendors are compromised.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Story first reported
Initial story creation
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Cybersecurity as a Strategic Imperative for Healthcare and Business Continuity
Healthcare organizations are increasingly recognizing that cybersecurity must be integrated into core business strategy rather than treated as a purely technical safeguard. According to a 2025 survey of healthcare executives, most leaders acknowledge that prioritizing cybersecurity within business operations is essential for overcoming challenges such as budget constraints and operational risks. Identity and access management (IAM) has emerged as a top investment area, with organizations focusing on real-time detection, authentication, and continuous monitoring to address threats like credential theft and over-provisioned accounts. The shift toward digital healthcare delivery, including remote monitoring and AI-assisted diagnostics, further underscores the need for robust cybersecurity to ensure patient safety and operational resilience. Across industries, the convergence of cybersecurity and business continuity is now critical, as sophisticated threat actors increasingly target not just data but the very infrastructure that supports operational recovery. The average cost of a data breach continues to rise, with business disruption representing the largest share of losses. Attackers are focusing on disaster recovery sites and backup systems, amplifying the financial and reputational impact of incidents. Traditional business continuity plans are proving inadequate against modern threats, highlighting the necessity for organizations to secure their continuity infrastructure and treat cybersecurity as a fundamental enabler of business resilience and innovation.
Mar 21, 2026
Cybersecurity Vulnerabilities in North American Healthcare Systems
Canada's healthcare sector is facing significant cybersecurity challenges as it undergoes rapid digital transformation, with a recent report highlighting increased exposure to ransomware, data theft, and operational disruptions. The Pulse Check: Cybersecurity in Healthcare in Canada report, launched at the InCyber Conference in Montreal, reveals that one in three Canadian healthcare institutions experienced an attempted ransomware attack in the past year. Hospitals and health authorities are particularly vulnerable to threats such as phishing, insider attacks, and exploitation of legacy systems. The report emphasizes that the issue is not solely technological but also cultural, underscoring the need for workforce readiness and cross-sector collaboration to strengthen cyber resilience. Medical device manufacturers and provincial regulators are urged to adopt a holistic approach to risk, integrating data privacy and operational continuity with patient care. Canadian cities like Montreal, Toronto, and Calgary are emerging as leaders in cybersecurity innovation, fostering talent and research to protect public institutions. Targeted ransomware campaigns against Canadian hospitals have surged since 2023, often perpetrated by organized criminal groups exploiting underfunded infrastructure. Meanwhile, in the United States, a report from the Department of Health and Human Services' Office of Inspector General (HHS OIG) found that Medicaid management and enrollment systems in nine states and Puerto Rico have generally effective controls against basic cyberattacks but remain vulnerable to more sophisticated threats. Penetration testing conducted between 2020 and 2022 revealed that while some attacks are thwarted, improvements are necessary to defend against advanced tactics. State Medicaid systems are increasingly targeted due to the sensitive data they hold, with a rise in ransomware, phishing, and denial-of-service attacks posing significant risks. At least six U.S. states have reported major breaches of Medicaid systems between 2012 and 2023, highlighting the persistent threat landscape. Both Canadian and U.S. healthcare sectors are grappling with the dual challenge of modernizing digital infrastructure while addressing evolving cyber threats. The reports stress the importance of integrating cybersecurity into every aspect of healthcare operations, from frontline staff awareness to regulatory oversight. The growing sophistication of cybercriminals necessitates continuous investment in security measures and workforce training. Collaboration between public and private sectors is identified as a key factor in building resilient healthcare systems. The findings underscore that patient safety is intrinsically linked to robust cybersecurity practices. As healthcare organizations become more interconnected, the potential impact of cyber incidents on patient care and data privacy increases. The reports call for urgent action to address security gaps and foster a culture of cyber vigilance across the healthcare ecosystem. Both countries are urged to prioritize cybersecurity as a fundamental component of healthcare delivery. The ongoing digital transformation presents both opportunities and risks, making proactive security strategies essential for safeguarding critical infrastructure. The convergence of technological, human, and regulatory factors will determine the resilience of North American healthcare systems against future cyber threats.
Mar 21, 2026
Impact and Response to the Change Healthcare Ransomware Attack
A ransomware attack on Change Healthcare, a major processor of health insurance claims, exposed the personal health information of over 190 million people and caused widespread disruption across the U.S. healthcare system. Hospitals and clinics were unable to process claims or receive payments, leading to severe cash-flow crises that threatened their operations. In response, the Centers for Medicare and Medicaid Services implemented the Change Healthcare/Optum Payment Disruption Accelerated and Advance Payment program, providing $3.3 billion in emergency relief, though only 11% of hospitals received funds, with rural and unaffiliated hospitals being less likely to benefit. Research from the University of Minnesota analyzed the effectiveness of this relief program and highlighted areas for improvement in future emergency funding responses. The American Hospital Association reported that the Change Healthcare incident was the largest single healthcare data breach in recent years, accounting for the majority of the 259 million records compromised in 2024. The breach underscored the vulnerability of healthcare data, particularly when stored unencrypted and managed by business associates rather than hospitals themselves. The incident has prompted calls for improved asset inventories, better tracking of business associates, and stronger data protection measures to mitigate the risk of similar large-scale breaches in the future.
Mar 21, 2026