Dive Brief:
- Ransomware attacks on U.S. healthcare organizations have cost the economy around $77.5 billion in downtime since 2016, according to an analysis by technology review and cybersecurity research firm Comparitech.
- Downtime, when facilities are unable to provide services or are shut down, varied between attacks. Some caused minimal disruption, while others required months to recover. On average, organizations lost nearly 14 days to downtime from ransomware attacks from 2016 to mid-October this year, according to the analysis.
- The report tallied 539 attacks on nearly 10,000 separate hospitals, clinics or other healthcare facilities, which impacted more than 52 million patient records.
Dive Insight:
Data breaches have become an increasingly large challenge for healthcare organizations over the past decade, exposing 385 million patient records from 2010 to 2022, according to federal records.
Ransomware, where criminals demand a payment to return access to critical systems and patient data, has also risen to become a serious threat to the healthcare sector.
Cyberattacks can disrupt access to medical records and delay patient care, a challenge faced by Chicago-based CommonSpirit Health when the hospital operator was attacked last year. About a quarter of providers said their organizations saw a rise in mortality rates after a ransomware attack, according to a 2021 survey from the Ponemon Institute.
Ransomware attacks spike during the pandemic
Ransom demands varied from $1,600 to $10 million during Comparitech’s study period. But only a small number of healthcare organizations — representing 34 out of the 539 attacks — publicly released ransom amounts.
Hackers demanded more than $39 million across the 34 attacks, and they received payment in 31 out of 160 cases where organizations disclosed whether or not they had paid the ransom.
Many organizations don’t want to disclose ransom amounts or whether they paid, to avoid incentivizing more attacks, according to the report.
In addition to ransom demands, downtime is a costly effect of healthcare cyberattacks. The average cost of downtime so far in 2023 reached $15.5 million, compared with $16.2 million in 2022, $9.4 million in 2021 and $19.3 million in 2020.
So far, 2023 has recorded the highest average downtime from a ransomware attack, at 18.71 days.