A Look at the Causes and How Unstructured Data Management Can Help
The following is a guest article by Krishna Subramanian, Co-Founder and COO at Komprise
Healthcare organizations have perennially been prime targets for ransomware. Patient records contain valuable personal and financial data. Hospitals also run critical services that cannot tolerate downtime.
Ransomware in healthcare is becoming more pervasive and frighteningly commonplace. According to a Censuswide survey from 2025, 77% of healthcare organizations were targeted with ransomware in the past 12 months, and 53% of those attacks were successful.
Attackers continue to get better all the time, no doubt aided by AI, yet we can’t ignore the role of exploding, unmanaged, unstructured data across modern healthcare environments.
Clinical notes, radiology images, pathology slides, PDFs, insurance forms, emails, documents, and research files now dominate healthcare data environments. These files live in file shares, NAS, PACS, cloud storage, AI pipelines, research platforms, and instruments. Most of them sit outside traditional databases that were designed with strict controls. The healthcare organization’s attack surface has grown dramatically.
Healthcare Data is Under Attack
Healthcare organizations were supposed to be among the best-protected sectors. Regulations like HIPAA pushed hospitals to adopt strong privacy and security controls decades ago.
Originally, security programs in healthcare were designed for structured systems such as electronic health records. They were not designed for the onslaught of files scattered across hundreds of repositories.
A single radiology study can generate hundreds of large image files. A pathology lab may produce petabytes of digital images. Doctors dictate long clinical notes. Each department creates its own storage environment, and those environments duplicate and expand with alarming alacrity.
Many healthcare providers now store multiple petabytes of data, with 30-50 PB not abnormal for larger organizations. That scale makes governance difficult. IT leaders can’t often answer basic questions about their data, such as what files contain protected health information, which data sets are used to train AI models, and where redundant copies are stored.
Attackers thrive in that uncertainty. Ransomware groups rarely start with hospital databases anymore. Instead, they often begin with file repositories that contain thousands or millions of documents. These repositories are easier, less secure, and access permissions are often broad.
A Wide Range of Risk, From Privacy to Financial
Recent events show just how disruptive these attacks can be.
In May 2024, a ransomware attack against the hospital network operated by Ascension forced systems offline across a vast care network. Electronic health records became unavailable, and ambulances were diverted from some facilities while hospitals worked to contain the breach. The disruption affected operations across 140 hospitals and dozens of care facilities. Another example occurred at Wayne Memorial Hospital in Georgia. Attackers infiltrated the network, encrypted files, and stole sensitive patient data affecting more than 163,000 individuals.
Cybersecurity researchers have also linked major disruptions across the U.S. healthcare system to ransomware attacks on critical vendors. One high-profile event even resulted in a $22 million ransom payment, a signal to criminals that healthcare victims are willing to pay when clinical operations are at risk.
Healthcare leaders are feeling the pressure. The operational disruption is severe, and the reputational damage can be worse.
A Call to Manage Unstructured Data Differently
Many executives once viewed cybersecurity as a technical issue handled by IT. Today, it sits alongside patient safety and operational continuity as a leadership concern.
When ransomware shuts down hospital systems or exposes patient data, leadership inevitably asks indiscernible questions that land on CIOs, security leaders, and the IT teams managing data.
- Why wasn’t the attack detected earlier?
- Why did the blast radius extend so far?
- Why were sensitive files so easy to access?
Unstructured data keeps expanding as healthcare organizations digitize care and adopt AI. These initiatives depend heavily on large volumes of clinical documents and images. Those datasets often get copied into staging environments, research repositories, and model training platforms. Each copy creates another potential entry point.
Many organizations treat this data simply as storage. They focus on capacity and performance. Governance often comes later, if it comes at all. That approach creates exactly the conditions ransomware groups prefer: large collections of sensitive files with limited visibility and inconsistent access control.
Shrink the Attack Surface with Unstructured Data Classification + Tiering
Healthcare IT teams can help regain control of this data, reducing the impact of ransomware while also gaining other clear benefits for cost reduction and departmental ROI.
Get Visibility
Organizations need a holistic index of what data exists across storage and a better understanding of its value and risk profile. Modern data indexing and semantic analysis technologies can scan petabyte-scale file environments and identify sensitive data such as ePHI and IP, along with rarely-accessed data eligible for archiving.
Classify and Quarantine
Metadata extraction and tagging are powerful capabilities that are becoming more automated for IT. This allows teams to add precise structure and context to file data continuously and at scale so that highly sensitive and valuable data can be discovered across shadow storage and locked down.
Clean House of Dead and Duped Data
Redundant, obsolete, and trivial data (ROT) is a particular problem for healthcare organizations with academic and research arms. Automated lifecycle policies can remove outdated or duplicated files that needlessly bloat the attack surface and expand entry points for attackers.
Prepare Data for AI with Governance
Determining how to balance employee experimentation and productivity gains from AI with the need to protect corporate assets from exposure in public LLMs is a mandate for all IT organizations. Healthcare organizations will need automated, reliable methods to scan, label, and confine sensitive data sets like ePHI across facilities and systems to prevent improper AI data ingestion.
Affordable Ransomware Defense for All Data
In many organizations, encryption and other strong security protections are limited to high-priority, active data. This leaves 70-80% of the “cold” data exposed to attack. By tiering this cold data to immutable object-lock storage, hackers can’t change or delete it, and you are also aggressively shrinking the attack surface. This also creates a logically isolated recovery copy that is physically separated from primary storage and backups. Plus, cold data tiering to object storage can cut storage and backup costs by 70% or more annually
Detect Shadow Sensitive Data
Adopting tools that can automatically and continuously discover sensitive data living in the wrong place and mitigate it is another critical measure for cybersecurity and AI data governance.
Adopting these tactics across data storage and unstructured data can help fill the gaps for a comprehensive anti-ransomware and cybersecurity program for healthcare. Consider four key capabilities to manage the risk of sprawling unstructured data estates: data classification, data remediation and lifecycle management, ransomware defense, and automated data governance.
