Ransomware Strikes Again: Healthcare Under Siege What You Need to Know

Healthcare in the Crosshairs

If it feels like ransomware attacks on hospitals and clinics are happening more often, that’s because they are. Healthcare organizations already stretched thin are now prime targets for cybercriminals looking to exploit sensitive patient data and critical systems.

In just the past month, three major healthcare providers DaVita, Bell Ambulance, and Alabama Ophthalmology Associates were hit by ransomware attacks, exposing the personal and medical data of hundreds of thousands. These incidents aren’t just IT problems; they’re putting lives at risk.

Who Got Hit And What Was Stolen?

1. DaVita: Dialysis Giant Forced Into Manual Mode

DaVita, one of the largest dialysis providers in the world, confirmed a ransomware attack on April 12 that encrypted some of its on-premises systems. While patient care continues (thanks to emergency protocols), the attack highlights how even massive healthcare firms struggle with cybersecurity.

What’s at stake?

• Potential access to patient treatment records

• Disruptions to critical care systems

• No confirmed ransomware group has claimed responsibility yet

2. Bell Ambulance: 114,000 Patients Exposed

Milwaukee’s Bell Ambulance, which handles over 120,000 emergency calls yearly, disclosed a breach first detected in February. The Medusa ransomware gang took credit, stealing:

• Social Security numbers

• Medical histories

• Driver’s license and financial details

The company is still assessing the damage, but with first responders relying on digital systems, any downtime could delay life-saving care.

3. Alabama Ophthalmology Associates: 131,000 Records Leaked

This eye care provider discovered an attack in late January, but patient notifications only went out in April. The BianLian ransomware group (known for aggressive double-extortion tactics) stole:

• Names, addresses, birth dates
• Health insurance details
• Some Social Security numbers

The delay in disclosure raises questions why did it take nearly three months to inform patients?

Why Healthcare? Because Criminals Know They’ll Pay

Healthcare isn’t just a soft target it’s a lucrative one. Unlike retailers or banks, hospitals and clinics can’t afford downtime. Delayed surgeries, inaccessible patient records, and disrupted pharmacies create immediate pressure to pay ransoms.

Worse, patient data sells for top dollar on the dark web.

Medical records can fetch 10x more than credit card details.

Cybercriminals exploit the urgency hospitals often pay to restore operations quickly.

The Change Healthcare breach (190 million records leaked in 2024) proved how devastating these attacks can be. Pharmacies couldn’t process prescriptions, and smaller clinics faced cash flow crises.

How Can Healthcare Fight Back?

Anton Ovrutsky, a cybersecurity expert at Huntress, says the key isn’t fancy tech it’s getting the basics right:

Multifactor Authentication (MFA): A simple step that blocks most attacks.
Network Segmentation: Isolate critical systems so ransomware can’t spread.
Regular Backups: If data is held hostage, backups let you recover without paying.

Yet, many healthcare providers still rely on outdated software or skip patches due to budget constraints. Until that changes, ransomware gangs will keep winning.

The Bottom Line: Patients Deserve Better

These attacks aren’t just about stolen data they erode trust in healthcare systems when people need them most. With ransomware surging 300% since 2015, hospitals and clinics must prioritize cybersecurity before the next breach not after.