Ransomware attacks on healthcare facilities cost $77.5B in downtime, report finds | #ransomware | #cybercrime

This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • Ransomware attacks on U.S. healthcare organizations have cost the economy around $77.5 billion in downtime since 2016, according to an analysis by technology review and cybersecurity research firm Comparitech.
  • Downtime, when facilities are unable to provide services or are shut down, varied between attacks. Some caused minimal disruption, while others required months to recover. On average, organizations lost nearly 14 days to downtime from ransomware attacks from 2016 to mid-October this year, according to the analysis.
  • The report tallied 539 attacks on nearly 10,000 separate hospitals, clinics or other healthcare facilities, which impacted more than 52 million patient records. 

Dive Insight: 

Data breaches have become an increasingly large challenge for healthcare organizations over the past decade, exposing 385 million patient records from 2010 to 2022, according to federal records. 

Ransomware, where criminals demand a payment to return access to critical systems and patient data, has also risen to become a serious threat to the healthcare sector

Cyberattacks can disrupt access to medical records and delay patient care, a challenge faced by Chicago-based CommonSpirit Health when the hospital operator was attacked last year. About a quarter of providers said their organizations saw a rise in mortality rates after a ransomware attack, according to a 2021 survey from the Ponemon Institute.

Ransomware attacks spike during the pandemic

Number of ransomware attacks against healthcare organizations, from 2016 to mid-October 2023

Ransom demands varied from $1,600 to $10 million during Comparitech’s study period. But only a small number of healthcare organizations — representing 34 out of the 539 attacks — publicly released ransom amounts. 

Hackers demanded more than $39 million across the 34 attacks, and they received payment in 31 out of 160 cases where organizations disclosed whether or not they had paid the ransom. 

Many organizations don’t want to disclose ransom amounts or whether they paid, to avoid incentivizing more attacks, according to the report.

In addition to ransom demands, downtime is a costly effect of healthcare cyberattacks. The average cost of downtime so far in 2023 reached $15.5 million, compared with $16.2 million in 2022, $9.4 million for 2021 and $19.3 million lost in 2020.

So far, 2023 has reported the highest average downtime due to a ransomware attack at 18.71 days. 

Downtime due to ransomware attacks on the rise

Average downtime in days from 2016 to mid-October 2023

Source link

National Cyber Security