The healthcare industry is fighting a wave of ransomware attacks, as hackers constantly adapt a varied arsenal of malware tools. A recent survey found 172 cyberattacks against the healthcare systems have succeeded in the past four years.
Besides hospitals and clinics, the healthcare industry also encompasses dental providers, elderly care providers, medical testing, laboratories, health insurance, medical supplies, and many others. While 74% of attacks target hospitals and clinics, any part of the industry can fall prey to a ransomware attack. As long as it hosts valuable patient data or can generate money, hackers will seek to compromise that part of the system.
Since 2016, 172 individual attacks have been registered on 1,446 various healthcare organizations, including hospitals, clinics, and the rest. The overall cost was estimated at $157 million, although the real figure is likely higher since few institutions report payments or final costs.
Depending on the size of the attack and the target, the value of the ransom varies wildly, from as little as $1,600 to as much as $14 million. And that’s not factoring in the costs of downtime, which can be far greater than the payment itself, especially since it can take months to completely fix the infrastructure of a large hospital.
The best estimates regarding the hacker’s demands total around $16.48 million since 2016, but a lack of transparency affects the public data. Gathering all known payments in the past four years yields only $640,000.
Most of the healthcare industry in the US is private, and not all institutions report intrusions or attacks. Furthermore, the U.S. Department of Health Services only shares data if a security incident affects at least 500 people, which is an arbitrary line. The Comparitech survey gathered data from official government sources and compiled in a single place.