Healthcare Providers Lose Nearly $2M Per Day Due To Cyberattack-Induced Downtime

by | Dec 30, 2024 | above the law, legal matters

U.S. healthcare organizations lose $1.9 million on average during each day of downtime following a ransomware attack, according to new research from Comparitech. Rebecca Moody, Comparitech’s head of data research, predicted that the rate of ransomware attacks in the healthcare sector will accelerate even more in 2025.
The post Healthcare Providers Lose Nearly $2M Per Day Due To Cyberattack-Induced Downtime appeared first on Above the Law.

cybersecurity tech

Healthcare organizations in the U.S. lose an average of $1.9 million during each day of downtime following a ransomware attack, according to new research from software company Comparitech.

A ransomware attack is a major headache for any organization, but the destructive effects are particularly calamitous for attacks waged against healthcare organizations, the report noted. These attacks force healthcare providers to take their systems offline, making it difficult to provide care and access patient data until the hackers are paid a fee or IT specialists remove the ransomware.

It’s no secret that these disastrous ransomware attacks are becoming more and more common in the healthcare sector. The report pointed out that there have been 654 individual ransomware attacks on medical organizations since 2018 — with 143 individual attacks being recorded last year alone. 

Last year’s 143 ransomware attacks resulted in more than 26.2 million patient records being exposed, the report noted.

The rate of ransomware attacks in the healthcare industry is likely to increase even more in 2025, predicted Rebecca Moody, Comparitech’s head of data research.

“With the likes of LockBit revealing its latest version [last] week and an influx in new ransomware gangs making key claims this month (e.g. Interlock claiming the attack on Texas Tech University Health Sciences Center which breached nearly 1.5 million patient records), ransomware attacks on healthcare organizations remain just as much of a threat as they have in recent years — if not more so,” Moody wrote in an emailed statement.

Comparitech’s report revealed that the average ransom amount demanded during a healthcare cyberattack is $1.18 million. But the cost of an attack goes far beyond just the ransom.

Even if an organization pays the ransom fee to decrypt its systems, it is “highly likely” the organization will still face a slew of expensive recovery costs, Moody pointed out.

“Recovery costs include those required to restore systems, the cost of specialist teams to help overcome the attack (and overtime for employees), lost revenue due to downtime, and the cost of providing identity theft protection to people impacted in a data breach,” she explained.

All healthcare providers need to have a clear plan in place in the event that their systems are impacted by a ransomware attack, Moody declared.

This includes establishing an incident response team, creating a strong communication plan, and crafting step-by-step instructions for how the threat should be managed — such as removing infected systems from the network and how to recover data — Moody stated. She also said carrying out regular backups is critical when it comes to limiting downtime from cyberattacks.

Photo: WhataWin, Getty Images