$157 Million Cost of Ransomware Attacks to the Healthcare Industry Since 2016

A new Comparitech study has revealed the extent of ransomware attacks on healthcare organizations and their real cost to the healthcare industry.

The study showed that healthcare organizations in the United States have experienced at least 172 ransomware attacks in the past three years. The attacks affected 1,446 hospitals, clinics, and other medical facilities and at least 6,649,713 patients.

The number of attacks decreased from 53 incidents in 2017 to 31 incidents in 2018. In 2019, however, attacks returned to the 2017 level, with 50 reported attacks on healthcare companies.

Since 2016, 74% of healthcare ransomware attacks have targeted hospitals and health clinics. The remaining 26% were on healthcare establishments such as nursing homes, dental practices, medical testing laboratories, health insurance companies, plastic surgeons, optometry practices, medical supply firms, government healthcare organizations, and managed service providers.

Ransom demands vary substantially, ranging from around $1,600 to $14 million. Some attacks on healthcare organizations had ransom demands of $16.48 million since 2016. Comparitech stated that healthcare companies have paid attackers about $640,000 to get the keys to unlock encrypted files. However, the real cost is probably substantially greater, as many victims choose not to publicize that information.

Because of attacks, appointments are usually canceled and data could be permanently lost. The time, effort, and cost of remediating attacks can be too much for a number of smaller healthcare organizations. Two healthcare clinics have discontinued their practices because of ransomware attacks in 2019.

Ransom payments are only a small percentage of the total cost of an attack. Restoring systems from backups, or even using the decryption keys supplied by the attackers, can take a substantial amount of time. Repairing systems and data could take anywhere from several hours to a number of weeks or months. The downtime resulting from ransomware attacks also adds to the total cost.

Comparitech drew on several diverse data breach reports, IT news sources, healthcare resources, and HHS' Office for Civil Rights data, together with information from studies on the cost of downtime resulting from ransomware attacks. Based on that data, the researchers produced low and high estimates of the downtime cost for all 172 verified attacks since 2016. The low and high estimates for the downtime cost were $157,896,000 and $240,800,000, respectively.

Considering that hospitals and other health providers are often easy targets for hackers, ransomware will continue to be a rising issue for both organizations and patients. Most ransomware attacks thus far have targeted patient data and hospital systems, but the potential impact is a lot worse if the right safety measures are not implemented. Ransomware attacks may target life-saving equipment and crucial patient data and systems.