Today, Comparitech released the results of its most recent study, looking at the true cost of ransomware on healthcare organisations around the world. It found that, since 2018, there have been 500 publicly confirmed ransomware attacks; this excludes any that may not have been disclosed at all. In total, these have crippled nearly 13,000 separate facilities and have impacted almost 49 million patient records. On that basis, Comparitech estimates that the cost of these attacks exceeds US$92 billion in downtime alone.
Ransomware attacks have the potential to cause widespread disruption to any organisation. Not only can they encrypt key systems, they can also put personal data at risk of theft and exploitation. Place this scenario in a healthcare environment, and the stakes are much higher. Critical systems and patient data may become inaccessible, causing severe delays and, in the worst-case scenario, could even be deadly. For example, a lawsuit in Alabama, due for trial this month, suggests a ransomware attack on a hospital led to a baby’s death in 2019.
In their study, Comparitech also explores the extent of ransomware attacks across healthcare organisations around the world. Using data from their worldwide ransomware tracker, the team explored the growing threat of ransomware in the healthcare sector and the true cost of these attacks. However, as the results only include publicly-confirmed attacks, the presented figures likely only scratch the surface.
The key findings highlighted in this report, covering the beginning of 2018 to October 2022, are as follows:
- 500 individual ransomware attacks on healthcare organisations. 2021 was the biggest year for attacks with 166 in total
- 12,961 separate hospitals/clinics/organisations were potentially affected
- 48,847,107 individual patient records were impacted in these attacks, at least. Just under half of these (20 million) were impacted in 2021
- Ransom demands varied from $900 to $20 million
- We estimate that hackers have demanded over $1.2 billion in ransoms
- We estimate that nearly $44 million has been paid to hackers in ransom demands
- Downtime varied from a couple of hours of disruption to seven months of systems not being at full capacity
- The average downtime from attacks increased dramatically in 2021 and 2022 with 19.5 and 16 days lost on average, respectively
- The overall cost of downtime is estimated at $92bn
- Conti, Pysa, Maze, Hive, and Vice Society are the most dominant ransomware strains with the first three dominating in 2020/21 but the latter two taking over in 2021/22
According to the results, 2021 was the biggest year for ransomware attacks on healthcare organisations, accounting for just over 33 percent (166) of all the attacks since 2018. 2020 was also a big year, with 137 attacks noted in total.
Both of these years coincide with the COVID-19 pandemic. This can be attributed to the fact that healthcare organisations found themselves stretched and under pressure, allowing hackers to find ways to exploit weak points, such as tired staff members failing to spot phishing emails containing ransomware.
In 2022, ransomware attacks on healthcare organisations remain a very prominent threat. Even though the numbers have seen a dip, the threat should continue to be viewed as persistent, particularly as ransom sums are growing and downtime is increasing. Hackers are perhaps becoming more targeted in their approach, ensuring widespread disruption is achieved so as to increase their chances of receiving the ransom.
Commenting on this story, Oscar Miranda, CTO for Healthcare at Armis, says: “The post-pandemic world has seen regulatory changes that have enabled more virtual and remote care programs to continue, which are leading to more distributed environments with more devices that are at risk. In tandem, healthcare IT is being tasked to address many of the same challenges facing healthcare – high costs, staffing shortages, ageing populations. Therefore, healthcare organisations are confronted with not only staffing clinical roles, but IT roles as well. Expectations are higher than ever for IT, but it is harder to recruit and retain the talent to implement and secure a more distributed connected environment – and the bad actors are fully aware and exploiting the situation, as evidenced by the Comparitech research.”
Nick Rago, field CTO at Salt Security states that this study reflects: “the stakes for the healthcare industry when it comes to security…” He adds that “it’s also important to understand what’s driving the increase in risk. One source in particular, the widespread adoption of digitalisation, represents the biggest driver of risk — it has accelerated the rate of cybersecurity threats within the healthcare industry. Digital value-added capabilities have brought new and innovative opportunities for healthcare services, but at the same time, these initiatives have also expanded the attack surface. Personal and sensitive healthcare data must be shared across numerous modern healthcare apps to enable services, such as remote access to health records, online medication ordering, and appointment scheduling.”