Revenue Cycle Management
COVID-19
Reimbursement
Diabetes Awareness Month
Risk Management
Patient Retention
Staffing
Medical Economics® 100th Anniversary
Coding and documentation
Business of Endocrinology
Telehealth
Physicians Financial News
Cybersecurity
Cardiovascular Clinical Consult
Locum Tenens, brought to you by LocumLife®
Weight Management
Business of Women's Health
Practice Efficiency
Finance and Wealth
EHRs
Remote Patient Monitoring
Sponsored Webinars
Medical Technology
Billing and collections
Acute Pain Management
Exclusive Content
Value-based Care
Business of Pediatrics
Concierge Medicine 2.0 by Castle Connolly Private Health Partners
Practice Growth
Concierge Medicine
Business of Cardiology
Implementing the Topcon Ocular Telehealth Platform
Malpractice
Influenza
Sexual Health
Chronic Conditions
Technology
Legal and Policy
Money
Opinion
Vaccines
Practice Management
Patient Relations
Careers

Ransomware attacks have cost more than $77 billion since 2016

October 31, 2023

Jeffrey Bendix

News

Article

Report finds 539 confirmed attacks affecting 10,000 facilities

©arrow-stock.adobe.com

U.S. health care organizations have experienced 539 ransomware attacks since 2016 costing about $77.5 billion, according to a new study.

The study, from the online security firm Comparitech, shows that ransomware attacks on health care organizations grew steadily from 34 in 2016 to 56 in 2019. They more than doubled in the next two years to a high of 115 in 2021 before declining the following year to 84. Sixty-six attacks had been recorded through mid-October of this year

The number of patient records affected by ransomware attacks grew from 369,000 in 2016 to a high of just over 20 million in 2021. Through mid-October of 2023 about 7.3 million records had been affected.

Seven of the organizations studied in the report disclosed how much they lost because of ransomware attacks. The largest loss was for $160 million at Chicago-based CommonSpirit Health, an attack that also forced 400 of the system’s 700 care sites offline for three weeks. Among the others:

•Scripps Health in May 2021 reported a loss of $112.7 million
•Harvard Pilgrim Health Care (Point32Health), reported a loss of $102.7 million in March 2023,
•Universal Health Services reported a September 2020 loss of $67 million,
•Bio-Rad Laboratories, Inc., had a $20 million loss from an attack in December 2019

“While ransomware attacks in general are destructive, the impacts on healthcare facilities are arguably some of the most catastrophic,” the report notes. “They cripple key systems and prevent hospitals from accessing crucial patient data until a fee is paid to the hacker or the ransomware is removed by IT specialists.”

The report finds that through mid-October of 2023 66 ransomware attacks had been launched on 1,568 medical institutions leading to more than 7.3 million breached patient records and causing an average of 18.7 days of downtime.

Other findings include:
• 52.2 million individual patient records were affected by ransomware attacks
• Ransomware amounts varied from $1,600 to $10 million
• On average medical organizations lost nearly 14 days to downtime across all years, from 2.6 in 2018 to 18.71 in 2023. In total, this accounted for 6,347 days of downtime
• Hackers demanded more than $39 million across 34 attacks and received payment in 31 out of 160 cases where the medical organizations disclosed whether they paid the ransom.
• The overall cost of these attacks is estimated at around $77.5 billion