Dive Brief:
- Over the past four years, nearly 1,500 healthcare companies have been hit with ransomware attacks, according to a study released Tuesday by Comparitech, a company that rates IT privacy tools.
- The 172 individual attacks from 2016 to 2019 affected 6.6 million patients. The overwhelming majority of organizations affected were hospitals or clinics at 74%. Elderly care providers accounted for 7%, followed by dental (5%), medical testing (2%) and health insurance, government health and medical supplies, all at 1%.
- Researchers calculated the overall cost of the attacks at $157 million. Hackers have demanded $16.5 million and received at least $640,000. The amounts requested ranged from $1,600 to $14 million.
Dive Insight:
Ransomware attacks are of growing concern to a number of sectors, but can be especially difficult for healthcare organizations that require access to records to treat patients. In the newest study, researchers determined the downtime caused by an attack could last months.
Hospitals remain highly vulnerable. A recent Moody's report noted cyberattacks against the hospital sector "will continue to evolve" and warned that smaller facilities are especially at risk given their lack of resources. Just over 5% of hospital IT budgets are earmarked for cybersecurity, Moody's said.
Hospital breaches usually involve sensitive information, and at least one study found they were associated with increased mortality. Hospitals can also be on the hook for failing to notify federal authorities when a breach has occurred. In December, Sentara Hospitals agreed to a $2.2 million settlement after accusations it did not notify the HHS Office for Civil Rights when patient health information was compromised through a mailing error.
The new study found that California and Texas were hit with the most attacks, not surprising given their large geographic sizes and populations. The state with the highest percentage of population affected by a healthcare ransomware attack was Michigan with 11%, largely stemming from two separate attacks — one on medical supply company Airway Oxygen, Inc and the other on medical billing company Wolverine Solutions Group. Next highest were Utah and Delaware at nearly 9% each.
One major cybersecurity threat that made headlines continues to linger. The WannaCry malware that crippled dozens of hospitals in the United Kingdom in the spring of 2017 was still affecting organizations two years later because many systems had not been properly patched.
Indeed, 2017 was the year with the largest number of attacks over the time period studied at 53. There were 50 in 2019, 36 in 2016 and 33 in 2018.
Previous research has shown the attacks often target individual healthcare employees through malicious email, mostly carrying URLs that point to a trusted file-sharing service. Those attacks hit not only high-ranking employees but also those with access to particular systems or with visible email addresses.