Following the $22 million payment made by Change Healthcare to a ransomware gang, cybersecurity firm Recorded Future documented 44 incidents targeting healthcare organizations in the month that followed, marking the highest number of attacks ever recorded in a single month.

The warning from cybersecurity experts that paying such large sums of money to hackers would only incentivize further attacks appears to have been proven true. The payment made by Change Healthcare, one of the largest ransomware payouts in history, has seemingly triggered a vicious cycle of attacks on vulnerable victims within the healthcare sector.

Allan Liska, a threat intelligence analyst at Recorded Future, emphasizes that the spike in attacks is likely linked to the high-profile payment made by Change Healthcare. He states, "These kinds of large payments are absolutely going to incentivize ransomware actors to go after healthcare providers because they think there's more money to be made there."

The consequences of these attacks have been severe, with some healthcare organizations experiencing life-threatening disruptions. Ascension, a network of hospitals and senior living facilities, had to divert ambulances, potentially leading to delays in emergency procedures. The Simone Veil hospital in Cannes, France, had data stolen and publicly released after refusing to pay a ransom. Additionally, London hospitals were forced to postpone surgeries and seek blood donations due to the impact of a ransomware attack on pathology firm Synnovis.

Recorded Future's data not only shows a surge in ransomware attacks specifically targeting the healthcare sector in April, but it also highlights an overall rise in healthcare ransomware incidents compared to previous years. The spokesperson for United Healthcare, the parent company of Change Healthcare, points to the overall trend of increasing attacks on the healthcare industry, which predates the high-profile incident involving Change Healthcare.

The complexity of Change Healthcare's ransomware situation was further compounded by the fact that the hacker group AlphV disappeared after receiving the $22 million ransom, neglecting to share the profits with their affiliates. This unusual turn of events led the affiliates to offer the stolen data to another group, RansomHub, which demanded a second ransom from Change with the threat of leaking the data.

While it remains unclear whether a second ransom was paid, security researchers believe that the widely circulated rumors of a "double ransom" have only fueled the belief among ransomware hackers that the healthcare sector is willing to pay significant sums to regain control of their systems.

This alarming trend has made the healthcare industry an increasingly attractive target for hackers, given the sector's vulnerabilities and the potential financial gain. As the number of attacks continues to rise and healthcare providers may feel compelled to pay ransoms to protect their critical systems, the frequency and severity of ransomware attacks in the healthcare sector are likely to persist.

Updated data shows that ransomware incidents have occurred throughout the first four months of this year, not just in April.