Cybercriminals often target healthcare organizations during the holidays, seizing the opportunity to exploit vulnerabilities when defenses are weakest.
Watsonville (Calif.) Community Hospital was struck by a cyberattack on Nov. 29, the day after Thanksgiving, forcing the hospital to take its IT systems offline and rely on paper records and prescriptions. Although inpatient and outpatient services remain operational, delays continue to affect the emergency department, according to the latest update from the hospital.
Similarly, on Dec. 5, Anna Jaques Hospital in Newburyport, Mass., disclosed that it had detected unauthorized activity within its network during the 2023 Christmas holiday. The hospital's investigation, which concluded nearly a year later on Nov. 5, revealed that an unauthorized party had accessed sensitive files containing personal information.
In another instance, a ransomware attack struck Ardent Health, a 30-hospital system based in Nashville, Tenn., on Thanksgiving 2023. The attack caused significant disruptions across facilities in at least four states in the South and Midwest.
A global survey of 900 IT and security professionals by Semperis highlights the trend: 86% of organizations that experienced a ransomware attack in the past year were targeted during weekends or holidays, when staffing is typically reduced. The study also found that many organizations cut security staffing during these high-risk periods, further amplifying vulnerabilities.