Over 1,500 US healthcare organizations have spent more than $157 million in recovery costs (including downtime) due to ransomware attacks since they became prevalent in 2016, says a report by Comparitech researchers. The company, which helps consumers compare tech services, has recently released the results of its investigation of US healthcare organization data, including breach reports, IT news channels and the Department of Health and Human Services breach portal. And the results speak for themselves.
Comparitech’s researchers found that 172 ransomware attacks on US healthcare organizations took place between 2016 and 2019. These affected 1,446 clinics, hospitals and other healthcare organizations, as well as over 6.6 million patient records. According to the study, 74% of the affected organizations were hospitals, with the remaining organizations composed of IT providers (5%), elderly care providers (7%), dental providers (5%), optometry practices (6%), plastic surgeons (2%), medical testing (2%), health insurance (1%), government health (1%) and medical suppliers (1%).
The attacks interfere with organizational systems, stopping healthcare organizations from accessing patient information until a payment is made. This results in financial losses, delays, untreated patients and cancelled appointments. On average, the ransom amounts varied widely from $1,600 to a staggering $14 million, with the total amount demanded since 2016 reaching $16.48 million (hackers have received more than $640,000 of this amount in this time period). Since not all healthcare providers declared the ransom amounts, these numbers are a mere estimation. Meanwhile, the organizational downtime caused by the cyberattacks varied from hours to even months.
The losses incurred by different states also varied. States such as Arkansas and Alaska with only one incident of cyber ransom lost between $918,000 and $1.4 million. Meanwhile, states such as California that experienced 25 ransomware attacks suffered a downtime cost of between $22.95 million and $35 million. Texas has had the second highest number of cyberattacks on healthcare organizations with 14 institutions affected since 2016 and a downtime cost of between $12.85 million and $19.6 million.
According to Comparitech, ransom attacks in the healthcare sector reached their highest number during the last quarter of 2019, with researchers adamant that the trend is likely to continue into 2020. “These waves of attacks may relate to different types of ransomware being developed. However, with many organizations failing to disclose the type of ransomware used in the attack, it is difficult to know if this is the case,” Comparitech researchers have stated. “In the US, cybersecurity is often decided by each individual organization or the corporation behind them. Sophisticated cyberattacks will continue to pose a threat to hospitals’ revenues and operations, putting the safety of patients at risk. The latter will, in turn, put even more pressure on hospitals due to the potential lawsuits that may follow.”