Cyberattacks can lead to compromised data, ransom demands, and a huge financial burden.
In recent years, the United States healthcare sector has faced a mounting threat in the form of ransomware attacks, with devastating consequences costing companies billions. A recent report by cybersecurity research company Comparitech showcases a disconcerting trend: More than 539 ransomware attacks have been confirmed on healthcare organizations since 2016 throughout the U.S. These attacks have affected over 10,000 separate healthcare facilities.
The attacks have compromised more than 52 million patient records. This has had a staggering economic impact, costing an estimated $77 billion or more, primarily attributed to the downtime incurred.
Ransomware attacks, a type of cyber threat that encrypts vital data until a ransom is paid to the hackers or the malware is removed by IT specialists, have been a growing concern for healthcare organizations. The situation intensified during the COVID-19 pandemic, with an alarming surge in attacks.
These cyberattacks target essential systems, rendering hospitals incapable of accessing critical patient data, disrupting patient care, and potentially causing life-threatening situations.
For example, CommonSpirit Health, a healthcare system based in Illinois with over 700 care sites and 142 hospitals, suffered a ransomware attack in October 2022. The attack’s overall cost has already exceeded $160 million. These expenses are expected to continue rising as 2024 rolls in. During this incident, 400 care sites were offline for three weeks, emphasizing the severe repercussions of such attacks.
To understand the true cost of ransomware attacks on the U.S. healthcare sector, it is essential to explore the broader impact of these incidents. Healthcare organizations often don’t disclose ransomware attacks on their systems. This is particularly the case where ransom payments have been made. Information about these attacks usually becomes public only when the breach disrupts systems or compromises patient data.
To compile their findings, Comparitech’s team of researchers scoured various healthcare resources, including specialist IT news, data breach reports, and state reporting tools. By analyzing the downtime data and the comparative ransom amounts paid, they estimated the average cost of all ransomware attacks on the industry. Nevertheless, due to the concealed nature of many such breaches, these figures are believed to only scratch the surface of the problem.
The report highlights some key findings from 2016 to mid-October 2023:
- 539 individual ransomware attacks on medical organizations.
- Nearly 10,000 separate hospitals, clinics, and organizations were potentially affected.
- Over 52 million patient records were compromised.
- Ransom demands ended up costing companies anywhere from $1,600 to $10 million.
- Because of regular data backups, the downtime and disruption were minimized.
- On average, medical organizations lost nearly 14 days to downtime across all years.
- Hackers demanded more than $39 million across 34 attacks, receiving payment in 31 of the 160 cases where disclosure occurred.
- The overall cost of these attacks is estimated at around $77.5 billion.
- Notable hacker groups involved in these attacks include Conti, Maze, Hive, Pysa, and LockBit.
The true cost of these attacks is likely higher than the figures reported, making it imperative for healthcare institutions and policymakers to take decisive measures to safeguard sensitive patient data and critical healthcare systems. The evolution of these attacks and their regional variations emphasize the need for a comprehensive and coordinated response to mitigate this growing threat to the healthcare sector.
Sources:
InnovationRx: Ransomware Attacks On U.S. Health Systems Have Cost The Economy Nearly $8 Billion
Ransomware in Healthcare: Stats and Recommendations
Cases Currently Under Investigation
RCM Company Reports Data Breach Tied to MOVEit Software, 1.9M Impacted