Hackers targeted healthcare organizations with ransom demands ranging from $4,000 to $10 million, according to Comparitech.
In a Dec. 18 report, Comparitech analyzed 654 ransomware incidents targeting healthcare organizations — including hospitals, clinics, pharmacies and care homes — from 2018 to 2024. The findings showed an increase in attacks, with 143 reported in 2023. That year also saw more than 26.2 million patient records affected, contributing to a total of 88.8 million compromised records over the six-year period.
According to the study, here are some of the largest ransom demands on healthcare organizations:
- OrthoVirginia (Richmond, Va.): In 2021, a $10 million demand by the Ryuk ransomware group led to an 18-month recovery period.
- Acadian Ambulance (Lafayette, La.): In 2024, the Daixin Team demanded $7 million, claiming data from 10 million patients. Acadian negotiated but refused to pay the full amount.
- Lehigh Valley Health Network (Allentown, Pa.): In 2023, ALPHV/BlackCat sought $5 million after breaching 248,000 patient records.
- UF Health Central Florida (Leesburg, Fla.): In 2021, hackers demanded $5 million, with 700,981 patients impacted.
- Lurie Children's Hospital of Chicago: In 2023, Rhysida issued a $3.4 million ransom demand after stealing data affecting 792,000 people.