Healthcare Ransomware Attacks Cost Industry $21B in 2020


March 9th, 2021

Healthcare ransomware attacks cost the industry $21 billion in 2020. Find out what led to this substantial increase.

healthcare ransomware attacks

Healthcare ransomware attacks had a significant impact in 2020. New data reveals that the cost to the industry was nearly $21 billion. The 2020 numbers were the highest in the past five years. The pandemic was a catalyst for this increase. Let’s look at the why and how that delivered this unfortunate rise.

Ransomware in Healthcare Sees 470% Increase over 2019

In a report from Comparitech, the company aggregated data regarding healthcare ransomware attacks. They found 92 separate incidents, impacting over 600 clinics, hospitals, and organizations and over 18 million patient records. 

One of the most prolific was the Blackbaud, a cloud software provider. This specific ransomware issue affected over 100 healthcare organizations and over 12 million patient records. 

Tracking down every ransomware attack is challenging because HHS (U.S. Department of Health Services) only reports them if they impact more than 500 people. The report included those along with others that researchers were able to assess. 

Downtime Was a Consequence

Downtime for any organization is costly in so many ways. When healthcare organizations don’t have sufficient business continuity or data backups, downtime risk becomes greater. The report discerned that downtime ranged significantly, affecting those with less frequent backups or paper-only systems. One healthcare entity lost its records after a ransomware attack

In the company’s analysis, they hypothesize that ransomware caused 1,669 days of downtime for the industry. That’s over 40,000 hours!

Ransoms Varied and Some Organizations Paid Them

The gist of ransomware attacks is that cyber criminals request a ransom to give you back your data. They do this by stealing the data, copy it, and encrypt the data to prevent access.

Those amounts varied between $300,000 and $1.14 million. Some organizations paid it. In the Blackbaud incident, organizations paid out at least $2,112,744 to attackers. 

Why Is the Healthcare Industry Vulnerable to Cyberattacks?

Unfortunately, healthcare is an easy target. The industry has highly sensitive data and can’t afford to have any downtime. While those attributes make it attractive to hackers, cybersecurity efforts in the industry aren’t at the same pace as others. 

Some of the biggest challenges include outdated infrastructure, antiquated cybersecurity practices, on-premises systems, and failure to backup files. Risk rises when you use legacy systems to store patient files that are no longer updated or supported. Legacy systems have been a cause of cybersecurity incidents for some time. To mitigate this risk, you should consider archiving data to a secure, compliant repository so that you can decommission legacy systems for good.

Proactive Initiatives to Mitigate Healthcare Ransomware Attacks

In addition to moving away from legacy systems, healthcare organizations should also embrace the cloud. It’s more secure and flexible. They should also educate and train employees on best practices for cybersecurity. These sessions should be ongoing. With some healthcare workers still remote, this training should include securely working from home.

Additionally, healthcare entities should ensure that all their vendors follow best practices with their data. Third parties can be a back door for hackers. If a provider converts, migrates, shares, or archives your data, ensure they use the most advanced encryption and other proactive measures. 

InfoWerks Takes Data Security Seriously

As a partner to healthcare, we take data security seriously. We have a high level of cybersecurity measures in place. All our processes and services support HIPAA and HITRUST compliance, as well. We’ve never had a breach in our company’s history. Learn more about data security protocols and HIPAA compliance requirements.

< Return to Blog Page