Healthcare Cyberattacks Come with High Costs

These costs can involve both finances and time.

By Jeff Wardon, Jr., Assistant Editor


A recent study conducted by Comparitech found that there have been 539 confirmed ransomware attacks on U.S. healthcare organizations since 2016. The attacks have affected more than 52 million patient records and impacted 10,000 different facilities, estimating a cost of $77.5 billion in just downtime alone.  

According to the study, these were the other key findings: 

  • Ransomware amounts varied from $1,600 to $10 million 
  • Downtime varied from minimal disruption  to months upon months of recovery time 
  • On average medical organizations lost nearly 14 days to downtime, with each year varying from 2.6 days in 2018 to 18.71 days in 2023. 
  • Hackers demanded more than $39 million across 34 attacks and received payment in 31 out of 160 cases where the medical organizations disclosed whether or not they paid the ransom. They are more likely to disclose that they haven’t paid the ransom than if they have 

Cyberattacks do more than just breach an organization’s systems, it can outright cripple them. As evidenced by the study, these attacks can bring down entire systems and keep them inoperable for a long period of time.  

In addition, these attacks are costly to a healthcare facility both from a financial and a timely perspective.  

Even without the $77.5 billion estimated to have been lost, the ransoms demanded from hacker groups can be very high. As mentioned in the key findings, ransomware amounts topped out at $10 million. Paying the ransom is not recommended according to Cybereason, as paying can embolden hackers, lead to fines or recovering corrupted files even if paid off.  

The overall downtime totaled to 6,347 days, or in other terms, almost 17 and a half years. With that amount of downtime, critical services such as patient care may not be able to be provided. Down healthcare facilities would have to redirect or divert patients to other unaffected facilities, causing a delay in care. 

To prevent these cyberattacks from happening, the Cybersecurity & Infrastructure Security Agency (CISA) recommends

  • Turning on Multifactor Authentication (MFA): Opt into this extra step with trusted websites and apps when they ask for verification. 
  • Update Your Software or Turn on Automatic Updates: With outdated software, it becomes easier for hackers to find exploits and gain a foothold in an organization’s systems. Updating software will implement the latest fixes and patch out potential exploits. 
  • Think Before You Click: If a link looks suspicious, do not click on it. Even if it looks legitimate, exercise caution and verify that it is the person or entity they are claiming to be. Clicking on these suspicious links and the like can open vectors for attack from hackers. 
  • Use Strong Passwords: Create passwords that are at least 15 characters long, that are unique (never used anywhere else) and randomly generated. 

Jeff Wardon, Jr. is the assistant editor for the facility market. 



November 8, 2023


Topic Area: Information Technology , Security


Recent Posts

Healthcare Facilities May Reduce Amount of Hand Observations

Practicing hand hygiene has been the number one recommendation given to stop the spread of infections.


Prosser Memorial Health to Open New Hospital

The new $125 million, 88,000-square-foot hospital will open on February 1.


Biofilms: Top-Tier Threat to Surface Disinfection

It is time to recognize biofilms as the top-of-the-pyramid predators they are.


Ardent Health Obtains 18 Urgent Care Clinics in New Mexico and Oklahoma

The purchase follows Ardent Health’s acquisition of nine additional urgent care centers in its East Texas and Topeka, Kansas markets in 2024.


Parker Solves Contact Problems by Implementing Touchless Access Controls

Case study: The organization installed touchless access controls at its Somerset post-acute rehabilitation and skilled-nursing home.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.