Ransomware attacks have imposed significant financial burdens on U.S. healthcare providers, with an estimated $21.9 billion lost to downtime alone since 2018, according to Comparitech.com.
In a Dec. 18 report, Comparitech.com analyzed 654 ransomware incidents targeting healthcare organizations, including hospitals, clinics, pharmacies and care homes, from 2018 to 2024. The findings showed an increase in attacks, with 143 reported in 2023. That year also saw more than 26.2 million patient records affected, contributing to a total of 88.8 million compromised records over the six-year period.
Key findings from the study include:
- Downtime costs: The average day of downtime cost healthcare organizations $1.9 million, with recovery times ranging from minimal disruption to several months. Organizations experienced an average of more than 17 days of downtime per attack, peaking at 27 days in 2022.
- Ransom demands: Hackers demanded ransoms ranging from $4,000 to $10 million. Across 55 known incidents, the average ransom demand was $1.18 million, and the demands totaled nearly $64.7 million.
- Major threat actors: Groups such as Conti, Maze, Hive and Pysa were prominent from 2018 to 2022, while LockBit, ALPHV/BlackCat, Karakurt and BianLian have emerged as leading threats in recent years.