Global spending on cybersecurity in healthcare is set to surpass $65 billion by 2021 but the real problem isn’t how much healthcare organizations spend — it’s how much they don’t, according to new research from Cybersecurity Ventures published Thursday.

That’s because ransomware and other cybercriminal attacks are going to get a lot worse before they get any better, said Matt Anthony, vice president of incident response at the Herjavec Group, which sponsored the report. 

“In 2017 healthcare providers are the bull’s-eye for hackers,” the report noted.

Bitcoin, in fact, has enabled and encouraged criminals to pursue ransomware attacks, Anthony said. 

[Shark Tank's Robert Herjavec: Healthcare is ripe for innovation]

“Bitcoin is the engine for cybercriminality, and as long as there is an anonymous way for criminals to get paid, it’s not going to get better anytime soon,” he said. “It’s a winning combination for organized crime – not necessarily Italians in smart suits and fedoras, either. There are large organized communities in China and Russia.”

Anthony explained that the convergence of vulnerable legacy hardware and software systems and the emergence of connected health, Internet of Things devices that are not always built with security in mind, and the super-identity criminals can steal, all make healthcare more attractive to hackers than any other sector.

And the motivation for hospitals to pony up after a ransomware attack is acute since they are often unprepared, underfunded, bogged down by legacy systems and, most important, really need the data cybercriminals just encrypted.

“Hospitals will pay, they’ll pay fast and they’ll pay what it takes to get data back,” Anthony said. “We ask people not to pay but sometimes there’s no alternative in healthcare.”

The report also projected that ransomware damages will reach $1 billion.

Another significant problem is that even healthcare organizations with a data backup strategy in place either lack an effective plan to restore that data in a useable fashion or do not bother to test backup and restore at least twice a year, Anthony said.

“If they’ve never faced a bad attack, hospitals might be complacent about testing restore technology,” he said. 

Anthony said that access management tools and practices are starting to improve, governance teams are taking a sharper look at security than they did before and hospital IT departments are increasingly turn to cloud services for proactive monitoring, log aggregation and alerting but they need to get better at all of those more quickly than they currently are. 

Twitter: @SullyHIT