Report: Healthcare cyberattacks surge on holidays, weekends

The majority of global ransomware attacks occur on weekends and holidays, when cybersecurity staffing is often reduced, according to new data from identity security company Semperis. In healthcare specifically, 47% of attacks occurred on a weekend or holiday, underscoring the need for increased vigilance.

Semperis partnered with Censuswide to conduct a survey of 1,500 IT and security professionals across multiple industries, including healthcare and other critical infrastructure sectors, such as energy, government and education.

Globally, the report revealed that holiday and weekend cyberattacks continue to disrupt organizations regularly. The Cybersecurity and Infrastructure Security Agency, or CISA, has warned critical infrastructure about this trend for years.

Still, 73% of surveyed healthcare organizations reported reducing their security operations center (SOC) staffing by 50% or more on weekends and holidays. More than 60% of healthcare respondents reported reducing SOC staffing to achieve a better work-life balance, while others did so because their organizations were closed during that time.

Furthermore, 36% of healthcare respondents said that they reduced staffing because they did not believe they would be attacked.

"Threat actors continue to take advantage of reduced cybersecurity staffing on holidays and weekends to launch ransomware attacks. Vigilance during these times is more critical than ever because the persistence and patience attackers have can lead to long lasting business disruptions," Chris Inglis, former U.S. national cyber director and Semperis strategic advisor, said in a press release accompanying the report.

"In addition, corporate material events such as mergers and acquisitions often create distractions and ambiguity in governance and accountability -- exactly the environment ransomware groups thrive on."

The report showed that material corporate events, such as layoffs, also created a perfect environment for cyberattacks. About half of healthcare respondents said that a cyberattack occurred after layoffs, while 60% said a cyberattack occurred after a merger or acquisition.

The data underscored some of the factors that make an organization an attractive target for cyberthreat actors -- reduced staffing, distractions and instances of decreased vigilance. The report emphasized the importance of maintaining situational awareness and vigilance to ensure security during these times.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.