TL/DR –
Ransomware attacks on U.S. healthcare organizations are escalating in frequency and impact, with 654 reported since 2018 and 143 incidents in 2023 alone, according to a report by Comparitech. These attacks have compromised more than 88.7 million patient records, with each day of downtime costing an average of $1.9 million, amounting to about $21.9 billion in lost downtime over six years. Healthcare organizations are particularly vulnerable due to operational continuity reliance and sensitive patient data, with hackers increasingly using double-extortion tactics and large-scale data theft.
U.S. Healthcare Suffers Severe Impact from Rising Ransomware Attacks
US healthcare organizations face increased consequences from escalating ransomware attacks, as per a report by Comparitech. The study reveals a spike in such instances since 2018, with 2023 breaking records with 143 attacks.
These incidents have resulted in the exposure of 88.7 million patient records, including 26.2 million breached in 2023. Each ransomware-triggered downtime day costs healthcare providers approximately $1.9 million, leading to an unsettling $21.9 billion in downtime losses over six years.
Record-Breaking Disruptions and Rising Threats
Medical organizations have endured an average of 17 days of service disruption for each incident, with 2022 recording the longest average downtime of 27 days. Rebecca Moody, Comparitech’s head of data research, highlights the changing nature of healthcare ransomware threats, with a notable shift towards large data thefts.
“Seven out of the top 10 ransomware data breaches since 2018 happened in 2023 and 2024,” explains Moody. She further points out the vulnerability of healthcare organizations due to their heavy reliance on operational continuity and sensitive patient data.
Addressing the Growing Concern
Moody stresses the importance of preparedness in minimising the impact of ransomware attacks. She also emphasizes the significance of robust cybersecurity measures, frequent data backups, and well-structured incident response teams to protect sensitive patient data and ensure operational continuity.
The recent lawsuit by Nebraska’s Attorney General against UnitedHealth Group and its subsidiaries Change Healthcare and Optum, following a major ransomware attack, further highlights the issue.
Despite these challenges, healthcare organizations are still scrambling to implement effective cybersecurity measures. The increasing threats and defense complexities coupled with the advent of AI are causing significant concerns.
—
Read More Health & Wellness News ; US News