Nearly 7M Patients Affected by Ransomware Attacks Since 2016, Report Finds

Feb. 12, 2020
Hackers have demanded ransoms totaling more than $16 million in these attacks, and have received at least $640,000 since 2016, researchers revealed

Ransomware attacks continue to plague the healthcare industry, and a new report sheds light on the many different ways the impact has been felt, sector-wide.

The report from cybersecurity company Comparitech noted that since 2016, ransomware attacks have become a huge cause for concern for hospitals all over the world. As a result, patient care organizations have had to deal with severe delays and costs to healthcare organizations, patients left untreated, and appointments canceled.

The research team at Comparitech analyzed data from ransomware attacks affecting healthcare organizations since 2016, including both the large breaches, impacting more than 500 people, published by the U.S. Department of Health Services (HHS), as well as the attacks impacting fewer people, but that still became public by making the news. The researchers then applied data from studies on the cost of downtime to estimate a range for the likely cost of ransomware attacks to healthcare organizations.

Some of the team’s key findings include:

  • 172 individual ransomware attacks on healthcare organizations
  • 1,446 hospitals, clinics, and organizations affected
  • 74 percent of organizations affected were hospitals or clinics, the remaining were IT providers (5 percent), elderly care providers (7 percent), dental (5 percent) or optometry practices (6 percent), plastic surgeons (2 percent), medical testing (2 percent), health insurance (1 percent), government health (1 percent), and medical supplies (1 percent)
  • 6,649,713 patients affected
  • Ransomware amounts vary from $1,600 to $14,000,000
  • Downtime caused varies from hours to weeks and even months
  • Hackers have demanded ransoms totaling more than $16.48 million since 2016
  • Hackers have received at least $640,000 since 2016
  • The overall cost of these attacks is estimated at $157 million

What’s more, the state with by far the most number of attacks over this time period is California, with 25 recorded cyberattacks, according to the research. The state with the next highest amount of ransomware attacks is Texas, with 14. It should be noted that with such a large concentration of healthcare providers within these states, perhaps this isn’t too much of a surprise.

Nonetheless, for California organizations, the estimated cost of downtime from these attacks, in sum, ranges from $23 million on the low end to $35 million on the high end.

Michigan, meanwhile, had just five ransomware attacks since 2016, but nearly 1.1 million patient records were affected from those attacks, making it the worst state for the number of patient records at risk. As the researchers pointed out, this is largely due to two attacks—to Airway Oxygen, Inc., a medical supply company, and Wolverine Solutions Group, a medical billing company, based in the state. This means some of the affected patients live in different states.

Looking at year-over-year, in 2016, there were 36 ransomware attacks on U.S. healthcare organizations, followed by 53 in 2017. In 2018, the figure dipped again to 31, making this the lowest year for attacks overall. Last year, the figures rose again to 50.

The researchers concluded, “Even though most ransomware attacks to date have targeted patient data and hospital systems, there is potential for far worse. As technology continues to develop, cybersecurity efforts need to keep pace. Without the right safety measures in place, hospitals may soon be facing ransomware attacks on life-saving equipment and technology as well as crucial patient data and systems.”

Sponsored Recommendations

TEST: Ask the Expert: Is Your Patients' Understanding Putting You at Risk?

Effective health literacy in healthcare is essential for ensuring informed consent, reducing medical malpractice risks, and enhancing patient-provider communication. Unfortunately...

From Strategy to Action: The Power of Enterprise Value-Based Care

Ever wonder why your meticulously planned value-based care model hasn't moved beyond the concept stage? You're not alone! Transition from theory to practice with enterprise value...

State of the Market: Transforming Healthcare; Strategies for Building a Resilient and Adaptive Workforce

The U.S. healthcare system is facing critical challenges, including workforce shortages, high turnover, and regulatory pressures. This guide highlights the vital role of technology...

How AI-Native Locating Intelligence Revolutionizes the RTLS market

Discover how leveraging an RTLS solution with artificial intelligence as the location engine can increase efficiency, improve safety, and elevate care without the compromises ...