Ransomware downtime costs US healthcare organizations $1.9 million every day
Ransomware attacks are having a serious impact on US healthcare organizations, with an alarming escalation of incidents and their consequences, according to a Comparitech report.
The research shows that 654 ransomware attacks have targeted healthcare providers since 2018, with 2023 a record year at 143 incidents.
These attacks compromised more than 88.7 million patient records during this period, with more than 26.2 million breached in 2023 alone.
Each day of downtime due to ransomware costs healthcare organizations an average of $1.9 million, culminating in an estimated $21.9 billion in downtime losses over a six-year period.
On average, medical organizations experienced 17 days of downtime per incident, with the highest disruptions reported in 2022, averaging 27 days.
Rebecca Moody, head of data research at Comparitech, noted the changing nature of ransomware threats in healthcare.
“One of the most significant changes in ransomware attacks is the increased focus on stealing large amounts of data,” she says. “Looking at the top 10 ransomware data breaches since 2018, seven occurred in 2023 and 2024.”
She explained that healthcare organizations are particularly vulnerable to ransomware attacks due to their dependence on operational continuity and sensitive patient data.
“Healthcare organizations can ill afford downtime,” says Moody. “Losing access to systems can cause widespread chaos, delayed health care and even errors in medication dispensing.”
She said hackers often take advantage of this urgency and use double extortion tactics by encrypting systems while exfiltrating data to increase pressure for ransom payments.
Moody emphasized that preparation is essential to minimize the impact of ransomware attacks.
“The key is preparing for the worst-case scenario,” she said. “Having an incident response team, a communications plan and clear instructions for managing threats and recovering data can help healthcare companies recover quickly.”
Regular data backups are also essential for recovery efforts, but many organizations face challenges in implementing them due to budget constraints and gaps in employee training.
As ransomware tactics continue to evolve, Moody emphasized the importance of robust cybersecurity measures to protect sensitive patient data and maintain operational integrity.
“Having a plan can help hospitals and clinics maintain continuity of care even during extended system outages,” she said.
The report comes as the Nebraska Attorney General has filed a lawsuit against UnitedHealth Group and its subsidiaries Change Healthcare and Optum following a ransomware attack that disrupted critical healthcare services across the state.
Healthcare organizations are still struggling to get to grips with cybersecurity as threats explode and the complexity of defenses increases. The rise of AI is also a cause for concern.
Nathan Eddy is a healthcare and technology freelancer based in Berlin.