$157 Million Spent on Ransomware Attacks on the Healthcare Sector Since 2016

A new Comparitech study has disclosed the scale of ransomware attacks on healthcare companies and their true cost to the healthcare sector.

The study found that healthcare companies in the U.S.A. have experienced around 172 ransomware attacks in the last three years. The attacks affected 1,446 clinics, hospitals, and other healthcare facilities and around 6,649,713 people.

The number of attacks fell from 53 cases in 2017 to 31 cases in 2018. However, incidents in 2019 returned to 2017 levels, with 50 reported ransomware attacks on healthcare providers.

Since 2016, 74% of health-related ransomware attacks have targeted health clinics and hospitals. The other 26% of ransomware attacks were on healthcare providers such as nursing homes, medical testing laboratories, dental practices, medical insurance providers, cosmetic surgeons, optometry practices, medical supply vendors, government healthcare institutions, and managed service providers.

Ransom demands ranged from approximately $1,600 to $14 million. Certain ransomware attacks on healthcare providers had ransom demands of as much as $16.48 million since 2016. Comparitech mentioned that healthcare providers have paid a minimum of $640,000 to threat actors to obtain the decryption keys. However, the actual cost is likely to be significantly higher, as many victims opt not to publicize that information.

As a result of attacks, consultations are typically canceled and information can be permanently lost. The time, effort, and expense of remediating ransomware attacks can be exorbitant for some smaller healthcare companies. Two medical clinics closed their practices due to ransomware attacks in 2019.

Ransom payments are only a small portion of the total cost of a ransomware attack. Restoring systems from backup files, or even applying the decryption keys provided by the attackers, can take a huge amount of time. Restoring systems and data may take anywhere from a couple of hours to a few weeks or months. The downtime caused by ransomware attacks also contributes to the total cost.

Comparitech used a variety of IT news sources, data breach reports, healthcare resources, and information from the HHS’ Office for Civil Rights, in addition to findings from research on the cost of downtime caused by ransomware attacks. Based on that information, the researchers created low and high estimates of the downtime cost for the 172 confirmed attacks since 2016. The low and high estimates of the downtime cost were $157,896,000 and $240,800,000, respectively.

Given that hospitals and other health companies are frequently easy targets for threat actors, ransomware is going to continue to be an escalating problem for both companies and patients. The majority of ransomware attacks to date have focused on patient information and hospital systems, but the consequences could be much worse if proper security controls are not applied. Ransomware attacks could target life-saving devices as well as critical patient information and systems.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on Twitter at https://twitter.com/ElizabethHzone