Ransomware Attacks On US Healthcare Facilities Cost A Bomb


According to an analysis by a technology review and cybersecurity research firm, ransomware attacks on healthcare organisations across the US have caused an estimated $77.5 billion in economic losses from downtime since 2016. The length of downtime, which mostly refers to the period when establishments do not offer support or are shut down, differed across attacks. Some incidents caused only minor disruptions, while others took months to recover from.

According to the analysis, organisations experienced an average of nearly 14 days of downtime caused by ransomware attacks from 2016 to mid-October 2023. The report counts almost 539 attacks on nearly 10,000 individual hospitals, clinics and other types of healthcare facilities. These attacks had a significant impact, affecting more than 52 million patient records.

According to federal records, healthcare organisations in the US have faced a significant challenge in dealing with data security breaches over the past 10 years. These breaches exposed 385 million patient records from 2010 to 2022.

Ransomware has emerged as a significant threat to the healthcare sector, as criminals now demand payment in exchange for restoring access to critical systems and patient data.

In 2022, a hospital operator in Chicago suffered cyberattacks that obstructed access to medical records and delayed patient care. According to a survey conducted by the Ponemon Institute in 2021, roughly one-quarter of providers reported an increase in mortality rates within their organisations following a ransomware attack.

During the research firm's study period, ransom demands ranged from $1,600 to $10 million. However, the ransom amount was publicly disclosed in only a limited number of cases: 34 out of the 539 attacks.

Hackers demanded a total of over $39 million in the 34 attacks. Out of the 160 cases where organisations disclosed whether they had paid the ransom or not, payment was made in 31 instances.

According to the report, many organisations choose not to disclose the ransom amounts or whether they have paid them. They do so to discourage further attacks.

Healthcare cyberattacks not only lead to ransom demands but also cause substantial downtime, which can be very expensive. This year, the average cost of downtime has already reached $15.5 million, slightly less than the $16.2 million recorded in 2022. In 2021, the cost was $9.4 million, while in 2020 it was higher at $19.3 million.

So far, 2023 has recorded the longest average downtime resulting from a ransomware attack, at 18.71 days.