Breaking Down the Top 6 Healthcare Cyberattacks of May 2024

Healthcare delivery organizations (HDOs) face an especially fraught threat landscape. Financially motivated cybercriminals regularly target HDOs for compromise, most likely because healthcare has not historically invested a substantial amount in security, but also because HDOs have some of the lowest tolerance for downtime of any industry. 

With good reason too. Downtime in a healthcare environment can result in increased patient mortality, with an average of 20% to 30% of HDOs reporting worse health outcomes in a recent study. This makes preventing a cyberattack a matter of ensuring patient health long-term, while also protecting the HDO from a massive financial loss. The average healthcare data breach cost $10.93 million according to IBM’s research.

The attacks against HDOs show no signs of stopping, making it imperative that healthcare organizations maximize their protection against all forms of threats. A few of the most recent data breaches and cyberattacks demonstrate the need for HDOs to re-examine their defensive practices and procedures to ensure long-term security.

6 Cyberattacks on Healthcare Organizations in May 2024

HDOs face cyberattacks for a variety of reasons, like employee mistakes, business email compromise, and ransomware. The attacks that occurred or were reported in May 2024 run the gamut in terms of causes and impacts, but all of them showcase the challenge HDOs face in protecting their patients and the IoMT that contributes to their health.

1. CentroMed Unauthorized User Access

On May 1, CentroMed in San Antonio, Texas, discovered an unauthorized user had gained access to their IT network on April 30. The attack resulted in the compromise of data on 400,000 patients, including names, addresses, dates of birth, medical and health information, insurance information, Social Security numbers, financial account information, and medical claims data.

CentroMed began notifying the affected patients on May 17 and reported the breach to government regulators as well. This is the second breach CentroMed has experienced in the past 12 months; the organization fell victim to Karakurt ransomware in June 2023.

2. Trego County Lemke Ransomware Attack 

Trego County Lemke Memorial Hospital in Wakeeney, Kansas, reported a ransomware attack in May. The hospital began experiencing a network disruption on May 6, and the subsequent investigation revealed that they had been targeted for a ransomware attack. They haven’t yet released the full scope of the attack’s results as of the end of May. There has also been no indication of what data was stolen from the hospital’s network, but that intelligence will likely be revealed later. 

Ransomware is one of the more persistent issues in healthcare and one of the more damaging. The full impact of the attack on Trego County Lemke Memorial Hospital isn’t going to be known for a few more weeks or months.

3. Ascension Confirms Ransomware

Ascension Health, one of the largest nonprofit hospital companies in the United States, confirmed on May 11 that it experienced a ransomware attack a few days before. The company operates 140 hospitals throughout the country, as well as retail pharmacies and other medical services. As of May 23, many of the Ascension pharmacies throughout the country could not fill prescriptions, Ascension facilities in Tennessee were diverting patients to non-Ascension hospitals, and some diagnostic services were being delayed. 

The company said it was working on restoring services system-wide, but already the legal fallout and calls from employee unions to ensure patient safety have started to come in as a consequence of the recovery efforts.

4. Palomar Health Medical Group Suspicious Activity 

Palomar Health Medical Group took its phones and patient portal offline after it told patients that it was investigating “suspicious activity on certain computer systems within its network.” The company recommended that patients go to their doctors’ offices in person, and some patients told news reporters that their appointments were delayed by a few hours. There have been no updates from the company about what data, if any, was compromised as of May 28.

5. MedStar Health Unauthorized Email Access

MedStar Health said on May 3 that hackers accessed employee accounts. The breach compromised the data of 183,079 patients. The unauthorized access occurred intermittently between January and October of 2023, according to the company, which did not say what that email access entailed. Forensic analysis started in March and was completed in early May, revealing in full what data was compromised.

6. Lakeview Health Data Breach

Lakeview Health in Jacksonville, Fla., announced a data breach that exposed the protected health information of some patients. The breach originally occurred in January, but the investigation concluded on May 6 when they discovered that health data had in fact been exposed. The information affected included the patient’s name, address, date of birth, Social Security number, driver’s license number, financial account number, patient ID, medical treatment information, diagnosis or conditions, prescription information, and health insurance information.

Healthcare Organizations Need a New Strategy

In the face of attacks like those enumerated above, healthcare organizations need to adopt a new, risk-based strategy to defend their critical patient data. With this defensive method, security teams can limit their exposure to potential threats or even accidental data loss. In practice, this means conducting regular vulnerability scans of network-accessible infrastructure to identify weaknesses, as well as prioritizing the discovered weaknesses to ensure that the riskiest issues are resolved first.

Asimily is designed to help hospitals defend their connected devices and critical systems with a risk-based methodology. With key capabilities around inventory management for connected medical devices, as well as risk-based prioritization of discovered vulnerabilities, Asimily empowers security teams with a risk-based security methodology that will make them safer immediately and over the long term. 

Hospitals face substantial information security headwinds in the market today. Between tight operating margins, skill and resource constraints, and a flood of cyberattacks, the average healthcare organization has a lot of challenges to consider. A risk-based, holistic approach to securing this infrastructure empowers hospitals with cost savings, a better security posture, and an overall more resilient infrastructure. 

The modern healthcare cybersecurity landscape is challenging. For hospitals with limited resources, an increase in cyberattacks makes the situation even more challenging. Asimily customers can be confident that they’re empowered with some of the most effective insight into their connected devices and risk-based insight to improve their security.

To find out how Asimily can help minimize the risk of connected devices at your organization, download our white paper, IoT Device Security in 2024: The High Cost of Doing Nothing. To get started immediately, contact us today.
