Ransomware breaches have cost the US economy tens of billions of dollars in downtime alone over the past seven years, according to new research from Comparitech.
The consumer awareness firm analyzed data on all known ransomware attacks affecting medical organizations between 2016 and mid-October 2023, looking at specialist IT news, data breach reports and state reporting tools.
During the time period there were 539 reported attacks on healthcare organizations, impacting an estimated 9780 separate hospitals, clinics and other organizations. Over 52 million patient records were compromised, it said.
Downtime varied from minimal disruption for those with frequent data backups, to months of recovery time, although the average was 14 days per organization. At nearly 19 days, 2023 is the worst year for downtime during the reporting period, followed by 2022 (16 days).
Based on these figures, ransomware attacks since 2016 may have caused as many as 6347 days, or 17.4 years, of downtime.
Using a 2017 estimate that puts the average cost per minute of downtime at $8662, Comparitech calculated that US healthcare organizations lost $19.3m in 2020, $9.4m in 2021, $16.2m in 2022 and $15.5m so far in 2023. The total for the entire reporting period since 2016 is $77.5bn.
Ransom demands varied significantly, from $1600 to $10m, and were highest on average in 2021 ($4m). However, the researchers were unable to calculate or even estimate how much was lost by organizations because most victims don’t want to disclose the size of their ransom payments.
Comparitech warned that there would likely be no letup in attacks in the final quarter of 2023.
“So far this year, 66 ransomware attacks have taken place on 1568 medical organizations leading to over 7.3 million breached patient records. With three months still to go until the end of the year, it’s highly likely that 2023 will see a renewed spike in ransomware attacks on healthcare organizations,” it noted.
“With healthcare organizations witnessing an average of 18.7 days of downtime in 2023, it’s clear that hackers aren’t just succeeding in data theft but are managing to cause unprecedented disruption with their malware.”