Healthcare facing record ransom as cyber criminals continue to target sector

Healthcare organisations across the world are buckling under the weight of a flood of cyber-attacks, according to experts.

Paul Bishcoff of specialist cyber security firm Comparitech said data shows that between the beginning of 2018 and February 2024 there were 743 publicly confirmed ransomware attacks on healthcare organisations around the world.
An average day of downtime has cost the affected organisations around US$900,000, which puts the estimated total cost of these attacks above US$10 billion.

The study found:

• 743 individual ransomware attacks on healthcare organizations. 2021 was the biggest year for attacks with 176 in total.

• 2023 saw an uptick in attacks after a dip in 2022, rising to 162 from 136.

• 82,620,953 individual patient records were impacted in these attacks – at least. 2023 saw 19.2 million affected – slightly less than the biggest year (2021 with 20.1 million).

• Over the last four years, an average day of downtime cost healthcare organizations around $900,000

• We estimate the total cost of these ransomware incidents exceeds $10 billion in downtime alone.

• Downtime varied from a couple of hours of disruption to several months of systems not being at full capacity.

• Hospitals lose a couple of weeks to downtime per attack, on average.

• Ransom demands varied from $900 to $24.5 million.

• The average ransom demand is just over $2 million.

• LockBit carried out the most known attacks in 2023, closely followed by Karakurt. Hive was the most-used strain in 2022, with Pysa, Conti, and Vice Society being more dominant in 2019-2021.

“While it may have looked like things were changing for the better in 2022, all hopes of reduced ransomware risks in the healthcare sector were quashed in 2023,” said Bishcoff. “With an uptick in attacks, high volumes of records impacted, and huge disruptions, the healthcare sector remains a key target for ransomware.”

He explained: “Already this year we have seen some huge attacks on the healthcare industry. The ongoing attack on Change Healthcare is arguably one of the biggest the industry has ever seen. With latest reports suggesting the organisation may have paid the hackers (ALPHV/BlackCat) $22 million in ransom, this paints a bleak picture.

“While organisations should avoid paying the ransom at all costs, it is often, unfortunately, the quickest way to regain access to systems and data.

“In the case of Change Healthcare, pharmacies across the US have been disrupted for 10 days and counting. This is not only having a huge impact on the business but on patients who are trying to get their prescriptions. If Change Healthcare has indeed paid the ransom, it is likely because the alternative was more expensive and more disruptive.”

Bishcoff concluded: “While no industry can afford the downtime and data breaches that often arise from ransomware attacks, the healthcare sector is arguably the most sensitive to such attacks. With patients’ health and private medical data at risk, this industry remains an attractive option for hackers. And if Change Healthcare’s ransom payment is confirmed, it may have just become an even more lucrative target.”