Recent research from reviews and research firm Comparitech highlights come unsettling statistics regarding ransomware in the healthcare industry.
Comparitech’s team undertook these efforts to try and gain insight into the growing problem, a difficult task given the complexity of ransomware attacks that aren’t publicly disclosed, as well as the requirement from U.S. Department of Health Services that publish information about attacks only if over 500 people are impacted.
Using a variety of different resources including specialist IT news, data breach reports, and the Health Services reporting tool, Comparitech gathered as much data as possible on ransomware attacks on US healthcare providers, though they acknowledge that this may only be the tip of the iceberg.
The report details costs to individual states and while California had the highest number of ransomware attacks, Michigan saw the highest number of affected patient records.
You can find the entire report here.
Its key findings from looking at the attacks since 2016 included:
- 172 individual ransomware attacks on healthcare organizations
- 1,446 hospitals, clinics, and organizations affected
- 74 percent of organizations affected were hospitals or clinics, the remaining were IT providers (5%), elderly care providers (7%), dental (5%) or optometry practices (6%), plastic surgeons (2%), medical testing (2%), health insurance (1%), government health (1%), and medical supplies (1%)
- 6,649,713 patients affected
- Ransomware amounts vary from $1,600 to $14,000,000
- Downtime caused varies from hours to weeks and even months
- Hackers have demanded ransoms totaling more than $16.48 million since 2016
- Hackers have received at least $640,000 since 2016
- The overall cost of these attacks is estimated at $157 million