New research from Comparitech has unveiled the staggering financial toll of ransomware attacks on the United States, with an eye-watering cost of $78 billion incurred over the past seven years. The consumer awareness firm conducted an exhaustive analysis encompassing all known ransomware incidents targeting medical organizations between 2016 and mid-October 2023, utilizing a variety of sources, including specialist IT news, data breach reports, and state reporting tools.
The results were alarming: the study identified 539 reported ransomware attacks that impacted an estimated 9780 separate hospitals, clinics, and other healthcare entities, ultimately compromising over 52 million patient records.
One of the most distressing aspects of these attacks is the significant downtime they caused. The duration of downtime varied widely, ranging from minimal disruption for organizations with frequent data backups to several months of recovery time. The average downtime per organization stood at 14 days, and 2023 emerged as the worst year in the reporting period with nearly 19 days of downtime, closely followed by 2022, which suffered 16 days of disruption. In total, these ransomware attacks between 2016 and 2023 may have resulted in an astonishing 6347 days, equivalent to 17.4 years, of cumulative downtime.
To gauge the financial repercussions, Comparitech applied a 2017 estimate that puts the average cost of downtime for healthcare organizations at approximately $8662 per minute. On that basis, the study reported staggering losses, including $19.3 million in 2020, $9.4 million in 2021, $16.2 million in 2022, and $15.5 million up to the point of the study in 2023, amounting to a cumulative loss of $77.5 billion during the entire reporting period. Notably, ransom demands demonstrated significant variation, ranging from $1600 to $10 million, with the highest average demand observed in 2021 at $4 million.
Unfortunately, calculating the exact loss incurred by organizations proved challenging, as most victims remained unwilling to disclose the size of their ransom payments. As the year neared its end, Comparitech also issued a stark warning, pointing to 66 ransomware attacks on 1568 medical organizations in 2023 that breached over 7.3 million patient records, and suggesting that a renewed surge in ransomware attacks on healthcare organizations was highly likely. With an average downtime of 18.7 days, it is evident that these malicious hackers are not just stealing data but also causing unprecedented disruptions through their malware.