Ransomware's effect on healthcare downtime.
By Tim Nodar, CyberWire senior staff writer
Oct 25, 2023

Healthcare organizations have been and remain attractive targets for cybercriminals. A Comparitech study quantifies the attraction.

Ransomware's effect on healthcare downtime.

Economic costs are one measure of the consequences of ransomware, and healthcare organizations (despite gangland’s pious assertions of their care to avoid putting patients at risk) have taken a measurable hit.

Healthcare organizations suffer both downtime and financial losses.

Comparitech has studied the effects of ransomware on healthcare organizations. They’ve found that the downtime caused by these attacks has cost the US economy $77.5 billion since 2016. The researchers state, “[M]edical entities suffered an average downtime of nearly 14 days following an attack. So far 2023 has reported the highest average downtime (18.71 days), closely followed by 2022 (15.71 days). Based on these figures, ransomware attacks may have caused 6,347 days, or 17.4 years, of downtime.” They add, “The cost of downtime to medical organizations over the last three years is estimated at $9.4 million for 2021, $16.2 million for 2022 and $15.5 million so far in 2023. None of these figures exceed 2020’s, however, with an estimated $19.3 million lost to downtime.”

“Deeply concerning and not surprising.”

“These findings are deeply concerning and not surprising,” is how Jan Lovmand, CTO at BullWall, summarized his reaction to the Comparitech study. “The financial toll of $77.5 billion is substantial, but the real human cost is immeasurable. This is a full-on battle. Ransomware attacks on healthcare facilities pose a grave threat to public health and safety. These assaults not only shut down delivery of critical medical services, causing delays in essential surgeries and treatments that jeopardize patients' lives, but they also breach the sanctity of sensitive patient data. The aftermath of such attacks can be catastrophic, leaving hospitals grappling to recover their data and regain control over their systems. Whether the ransom is surrendered or not, the toll in both financial losses and compromised patient care deals a crippling blow to these already strained institutions.”

Medical providers are and will remain highly attractive to criminals. Lovmand explained, “Hospitals and healthcare organizations have a bullseye painted on them in the eyes of cybercriminals. A heavy reliance on technology to manage a huge range of functions, from patient records to surgical equipment, provides a vast attack surface of uniquely susceptible targets. This vulnerability is further exacerbated by their meager resources allocated for bolstering cybersecurity defenses. However, with ransomware showing no sign of abating, it is imperative to invest in countermeasures that can stop these attacks without necessitating a complete shutdown of IT systems and healthcare services. A good Ransomware containment defense and off-site backups are table stakes.”

Emily Phelps, Director at Cyware, agreed on the attraction healthcare will continue to have for cybercriminals. “Healthcare continues to be one of the most targeted industries because of their valuable data and limited security resources,” she wrote in emailed comments. “Because of the complexity to secure vast organizations that maintain new and legacy systems, adversaries can exploit gaps in their defenses. With advanced technologies such as AI, threat actors can also operate faster, further complicating an already difficult situation for these healthcare entities.”

She offered suggestions for an approach to healthcare cybersecurity. “To mitigate the risks, healthcare organizations must be able to move from a reactive to a proactive security posture. To do this, they need access to relevant, context-rich threat intelligence which helps them understand what threats should be prioritized – healthcare ISACs can help provide this to organizations that become members. But the intelligence must also be prioritized and orchestrated appropriately in order to take meaningful action. Security orchestration and collaboration, combined with automated threat intelligence platforms help ensure the right information gets to the right people at the right time.”