Here are 18 quick notes about ransomware in the healthcare industry:
- Colonial Pipeline CEO Joseph Blount confirmed he paid $4.4 million in bitcoin to the cybercriminal gang DarkSide on the first day of its cyberattack on the company, but it still took six days to restore operations.
- An attack on San Diego-based Scripps took the health system offline for about three weeks, forcing patients to go elsewhere for emergency services.
- Allergy Partners brought its computer systems back online after hackers infected the clinic's systems for six weeks with ransomware and demanded $1.75 million in exchange for restoring the clinic's access to its encrypted data.
- A ransomware attack on CaptureRx affected 1,656,569 patients at more than 13 hospitals and healthcare providers.
- The cost of cybersecurity insurance has risen by up to 30 percent since December as ransomware attacks spike.
- Insurance brokers reported that 85 percent of insurance plans have risen in price since December.
- The take-up rate for existing clients electing coverage for cybersecurity rose from 26 percent in 2016 to 47 percent in 2020.
- The average ransomware payment increased 43 percent in 2021.
- The average ransom paid by healthcare companies was $910,335 in 2020.
- As healthcare data breaches surged, so did ransom demands, with hackers asking for $4.6 million on average.
- Ninety-one percent of healthcare data breaches are motivated by financial gain, followed by fun (5 percent), espionage (4 percent) and a grudge against the company (1 percent).
- DarkSide, the hacker group behind the Colonial Pipeline ransomware attack, racked up $90 million in bitcoin from ransom payments before shutting down.
- In the first four months of 2021, 30 hospitals and health systems reported to HHS that they were hit by data breaches.
- In April, there were 2,121,186 health records breached at 41 organizations, according to HHS' data breach portal.
- Those numbers doubled from the preceding month, when 1,116,997 health records were compromised in data breaches at 36 organizations.
- A Verizon report found there were 655 confirmed data incidents and 472 confirmed data breaches in the healthcare industry in a 12-month time frame from November 2019 to October 2020.
- The FBI issued a warning regarding Conti ransomware, which has been identified in at least 16 ransomware attacks on healthcare providers and first responders.
- The federal government has launched at least six initiatives in the race to halt ransomware attacks on critical organizations, such as hospitals and fuel providers.