Why Ransomware Loves Hospitals More Than Banks
Banks can freeze transactions.
Hospitals cannot freeze patients.
That one sentence explains why hackers, the most calculated criminals of our era, have made hospitals their favourite target. Not banks. Not governments. Hospitals.
When a hospital's systems go down, real people are lying on operating tables. Real doctors are waiting for scan results. Real families are in waiting rooms praying that the machines keeping their loved ones alive do not suddenly go dark.
Hackers know exactly what that pressure feels like. And they price it accordingly.
Explain It Like I'm 10
The Locked Library
Imagine your school has one big library with every student's books locked inside. Without those books, no class can happen. No lessons. No exams. The whole school stops.
Now imagine a bully sneaks in one night, chains the library doors shut, and takes the only key. Then he slides a note under the door: "Pay me ₦500,000 and I'll give you the key back."
Your school principal has a choice: pay the bully, or keep every student out of class for weeks while a locksmith is found.
That's ransomware. The library is the hospital's computer system. The books are patient records. The bully is a hacker — usually sitting thousands of kilometres away, in a country with no extradition agreement.
And the worst part? Once you pay, there is no guarantee the bully actually gives you the key.
The Economics of Healthcare Ransomware
Ransomware is a category of malware that encrypts a victim's data and demands payment — typically in cryptocurrency — for the decryption key. In every sector, the attacker's leverage is proportional to the victim's inability to function without their data.
Healthcare presents the most extreme version of that equation. Clinical operations are time-critical and life-dependent. An investment bank whose trading platform goes dark loses money; a hospital whose systems go dark may lose patients. That asymmetry produces near-instant ransom payment — the average healthcare organisation under attack pays within 72 hours.
Compounding this is the state of hospital infrastructure. The majority of clinical IT environments run on legacy systems — some built on Windows XP-era architecture — that have never been patched against modern threat vectors. Electronic Health Records (EHR) systems are deeply integrated and rarely air-gapped, meaning a single phishing email can cascade into full network encryption within hours.
In Nigeria and across Africa, the threat surface is wider: public hospitals frequently lack dedicated security operations teams, use unmanaged personal devices on clinical networks, and have no cyber incident response plans. The result is not just vulnerability — it is undetected vulnerability.
Real-World Examples
It Has Already Happened — And It Is Escalating
The Largest Healthcare Data Breach in American History
In February 2024, a ransomware group called ALPHV/BlackCat attacked Change Healthcare — a company that processes roughly one-third of all medical claims in the United States. Pharmacies could not fill prescriptions. Hospitals could not verify insurance. Payments stopped flowing across the entire system. The parent company UnitedHealth Group paid a reported $22 million ransom. Over 100 million patient records were ultimately compromised.
Surgeries Cancelled. Patients Diverted. Staff Using Pen and Paper.
When a ransomware attack hit this NHS health board in Wales, clinical staff were forced to revert to paper records overnight. Outpatient appointments were cancelled. Surgical lists were disrupted. Emergency patients had to be diverted to other facilities. For a week, one of the region's main hospital networks operated as if the internet had never been invented.
Underreported. Underprepared. Increasingly in the Crosshairs.
Cybersecurity firm Sophos reported in 2024 that healthcare was the sector least likely to recover data fully after a ransomware attack — even after paying. On the African continent, attacks on healthcare infrastructure are significantly underreported, partly due to the absence of mandatory breach disclosure regulation in many countries. But the attacks are happening. Several West African hospitals have experienced system outages traced to ransomware that went publicly unacknowledged. The silence does not mean safety. It means we do not yet have the reporting culture that would reveal the true scale.
How It Happens
A Hospital Attack in Five Steps
The Email
A staff member — nurse, receptionist, administrator — opens a convincing phishing email. It looks like a payslip update, a medical supply invoice, or a government health portal notification.
The Foothold
Malware installs silently. The attacker now has access to the hospital network. They stay quiet — sometimes for weeks — mapping systems, identifying the most critical servers.
The Exfiltration
Before encrypting anything, they copy patient records, financial data, and operational files. Now they have two forms of leverage: locking you out and threatening to publish your patients' data publicly.
The Lock
At a chosen moment — often a Friday evening or public holiday — they trigger the encryption. Every file becomes unreadable. Every system goes dark. Clinical operations halt.
The Demand
A ransom note appears on every screen. Payment in Bitcoin. A deadline. A threat. A hospital with patients in the ICU does not have the luxury of waiting. The clock is the weapon.
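The exfiltration and lock steps above leave signals a defender can watch for: a large volume of outbound data from a server, then a burst of files rewritten with near-random content. The code below is an added example, not part of the original article; the event format, the host name `ehr-fs1`, the sample events and the thresholds are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted output approaches 8.0, text records sit far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect(events, entropy_min=7.0, burst=5, window_s=60, exfil_bytes=500_000_000):
    """Return (timestamp, host, kind) alerts from time-ordered events.

    Assumed event format: dicts with ts (epoch seconds), host, and type;
    'net_out' events carry 'bytes', 'file_write' events carry 'sample'
    (the first bytes written). Thresholds are illustrative and need tuning.
    """
    alerts, sent, recent, exfil_seen, locked = [], Counter(), {}, set(), set()
    for e in events:
        h = e["host"]
        if e["type"] == "net_out":
            sent[h] += e["bytes"]  # cumulative outbound volume per host
            if sent[h] >= exfil_bytes and h not in exfil_seen:
                exfil_seen.add(h)
                alerts.append((e["ts"], h, "bulk_outbound"))
        elif e["type"] == "file_write" and shannon_entropy(e["sample"]) >= entropy_min:
            q = recent.setdefault(h, deque())
            q.append(e["ts"])
            while q and e["ts"] - q[0] > window_s:  # keep only writes in the window
                q.popleft()
            if len(q) >= burst and h not in locked:
                locked.add(h)
                kind = "encryption_after_exfil" if h in exfil_seen else "encryption_burst"
                alerts.append((e["ts"], h, kind))
    return alerts

def sample_events():
    """Constructed events for a hypothetical file server; not real telemetry."""
    h = "ehr-fs1"
    cipher = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    text = b"patient_id,name,diagnosis\n" * 100
    ev = [{"ts": 0, "host": h, "type": "file_write", "sample": text}]
    ev += [{"ts": 100 + i, "host": h, "type": "net_out", "bytes": 200_000_000} for i in range(3)]
    ev += [{"ts": 9000 + i, "host": h, "type": "file_write", "sample": cipher} for i in range(6)]
    return ev

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

Compressed images and legitimately encrypted archives are also high-entropy, so in practice the burst size and window need tuning against normal activity on each server.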
You may not run a hospital. But your data lives inside one. Here is what you can do as a patient — and what you should demand as a citizen.
Ask Your Hospital About Cybersecurity
When you visit a healthcare facility, you are within your rights to ask: "Do you have a cybersecurity policy? Have you experienced a data breach?" It is a patient rights question, not a technical one. If they cannot answer it, that itself is an answer.
Know What Records Exist About You
Request a copy of your own medical records from any hospital you attend. Understanding what data exists about you — diagnoses, prescriptions, procedures — is the first step to understanding what is at risk if that hospital is breached.
Do Not Use Hospital Wi-Fi for Personal Business
When visiting a hospital, avoid connecting to their guest Wi-Fi for banking, email, or anything sensitive. Hospital networks are high-value targets and may already be compromised without anyone knowing.
Advocate for Cybersecurity Investment in Public Healthcare
In Nigeria, this is a policy conversation. The hospitals most likely to be underprepared are government hospitals serving the majority of Nigerians. Citizens, civil society, and healthcare workers all have a stake in demanding that cybersecurity infrastructure receives the same attention as physical infrastructure.
A ransomware attack on a hospital is not an IT problem. It is a public health emergency wearing a digital mask.
When the systems go down, the most vulnerable patients pay the highest price.
Your medical history is in those walls.
Make sure those walls can hold.
Ask. Demand. Stay informed.
Because silence from a hospital about security is not reassurance — it is a warning.