Ransomware attacks on healthcare organisations make headlines regularly, but the coverage usually focuses on large hospitals. The reality is that small and medium-sized dental and medical practices are targeted at least as often, and are compromised more often, because attackers see them as easier targets with fewer defences.
Understanding why your practice is attractive to attackers is the first step toward doing something about it.
Ransomware is a type of malware that encrypts files on a device or network, making them inaccessible. The attacker then demands payment, usually in cryptocurrency, in exchange for the decryption key. In recent years attackers have added a second layer of pressure known as double extortion: they copy data out of the network before encrypting it, then threaten to publish or sell it if the ransom isn't paid. That means a practice with perfect backups can still be extorted.
For a dental or medical practice, this means patient records, clinical notes, billing data, imaging files — everything — could be locked or leaked.
Patient health information is worth significantly more on criminal marketplaces than basic financial data. A credit card can be cancelled within hours of being stolen; a patient record containing Medicare numbers, health conditions, prescriptions, and contact details stays useful for identity fraud for years, and can sell for many times the value of a card number. That makes healthcare data particularly attractive to steal and monetise.
A practice that can't access its systems can't operate. Patient bookings, clinical records, prescriptions, and billing are all inaccessible. The downtime pressure — combined with obligations around patient care — creates a strong incentive to pay the ransom quickly rather than wait out a lengthy recovery process. Attackers know this and price their demands accordingly.
Most practices don't have a dedicated IT or security team. Systems are often managed by a part-time IT contractor or by staff who picked up the role incidentally. That creates gaps: unpatched software, weak or reused passwords, remote access with no MFA, and backups that are never tested or sit on the same network as the systems they protect. Attackers scan for exactly these weaknesses before choosing a target, so a practice with them is found, not chosen.
Practices run multiple connected systems: patient management software, imaging equipment, billing platforms, Microsoft 365. Each integration is a potential entry point, and each vendor remote-support connection is another. A compromise of one system can quickly spread to the others when they all sit on one flat network and share the same administrator credentials, which is the usual setup in a small practice.
Under the Privacy Act and the Notifiable Data Breaches scheme, practices have legal obligations when patient data is compromised. Attackers use this as leverage, threatening to report the breach themselves if you don't pay. The reputational damage of a publicly disclosed breach adds further pressure. Note that paying does not remove the obligation: a breach likely to cause serious harm must still be assessed and notified whether or not the attacker goes public.
Australian context: The Australian Cyber Security Centre (ACSC) has consistently identified healthcare as one of the top sectors targeted by ransomware in Australia. The 2024 MediSecure breach, which exposed data for 12.9 million Australians, is the most prominent recent example, but smaller practices are attacked far more often, and those incidents rarely make the news.
The most common entry points are:
You don't need to be perfectly secure; you need to be harder to attack than the next practice. Most ransomware attacks are opportunistic: attackers pick whatever target gives them the easiest path in. Closing the obvious gaps (patching, MFA on every remote login, offline backups) takes you off that list and significantly reduces your exposure.
If you suspect a ransomware attack is underway or has already occurred:
Paying the ransom does not guarantee you'll get your data back. Decryption tools supplied by attackers are often slow or unreliable, the stolen copy of your data is not returned, and payment funds future attacks. Recovery from a good backup is always the preferred outcome, where "good" means a backup that is kept offline or immutable, so the attacker couldn't encrypt or delete it, and that you have actually restored from before.
We assess your backup strategy, patching, MFA coverage, and endpoint protection as part of a free security audit. Book one today — no obligation.
Book your free audit