Bloomberg Law
June 4, 2020, 7:02 PM

Hospitals Among Hackers’ Favorite Ransom Targets, Insurer Warns

Ayanna Alexander
Ayanna Alexander

Hospitals may be better prepared for cyberattacks than other industries, but they’re still a favorite bull’s-eye for hackers during the coronavirus pandemic.

Online doctor visits have surged during pandemic to keep patients and providers from potentially exposing themselves and others to the virus. That shift opened up new opportunities for hackers to attack hospital networks.

Hospitals face a higher risk than other health-care entities for ransomware attacks, according to a Thursday report from Corvus Insurance.

“Unfortunately, we did see cyber adversaries increase their targeting of hospitals through phishing emails and cyberattacks or other online frauds, so it was a very difficult situation because the primary objective is to treat patients,” John Riggi, the American Hospital Association’s senior adviser for cybersecurity and risk, said.

“Hospitals had to really ensure that they did maintain protection around remote technologies and increase the number of medical devices attached to the networks.”

The health-care industry saw a 350% jump in ransomware attacks during the last quarter of 2019, according to Corvus Insurance.

In April, the Federal Bureau of Investigation said it received more than 1,200 complaints related to Covid-19 scams to its Internet Crime Complaint Center. Cyber actors also deployed ransomware at medical facilities and created fake Covid-19 websites that downloaded malware to devices, the agency added.

These risks typically arise through open ports in computer networks and phishing emails.

Open ports help network systems identify, establish, and transmit data, but can become dangerous when they’re not properly secure. Hospitals, on average, have roughly eight open ports. Those open ports from a remote desktop could leave them 37% more susceptible to a ransomware attack, the report found.

Phishing emails are also a big pathway for ransomware, but email scans and other filtering options may be used to check for malware, spam, and other cyber viruses. However, 75% of hospitals don’t use an email scanning and filtering tool, according to the report.

To contact the reporter on this story: Ayanna Alexander in Washington at

To contact the editors responsible for this story: Fawn Johnson at; Andrew Childers at