Healthcare Cyberattacks Come with High Costs

These costs can involve both finances and time.

By Jeff Wardon, Jr., Assistant Editor

A recent study conducted by Comparitech found that there have been 539 confirmed ransomware attacks on U.S. healthcare organizations since 2016. The attacks have affected more than 52 million patient records and impacted 10,000 different facilities, estimating a cost of $77.5 billion in just downtime alone.  

According to the study, these were the other key findings: 

  • Ransomware amounts varied from $1,600 to $10 million 
  • Downtime varied from minimal disruption  to months upon months of recovery time 
  • On average medical organizations lost nearly 14 days to downtime, with each year varying from 2.6 days in 2018 to 18.71 days in 2023. 
  • Hackers demanded more than $39 million across 34 attacks and received payment in 31 out of 160 cases where the medical organizations disclosed whether or not they paid the ransom. They are more likely to disclose that they haven’t paid the ransom than if they have 

Cyberattacks do more than just breach an organization’s systems, it can outright cripple them. As evidenced by the study, these attacks can bring down entire systems and keep them inoperable for a long period of time.  

In addition, these attacks are costly to a healthcare facility both from a financial and a timely perspective.  

Even without the $77.5 billion estimated to have been lost, the ransoms demanded from hacker groups can be very high. As mentioned in the key findings, ransomware amounts topped out at $10 million. Paying the ransom is not recommended according to Cybereason, as paying can embolden hackers, lead to fines or recovering corrupted files even if paid off.  

The overall downtime totaled to 6,347 days, or in other terms, almost 17 and a half years. With that amount of downtime, critical services such as patient care may not be able to be provided. Down healthcare facilities would have to redirect or divert patients to other unaffected facilities, causing a delay in care. 

To prevent these cyberattacks from happening, the Cybersecurity & Infrastructure Security Agency (CISA) recommends

  • Turning on Multifactor Authentication (MFA): Opt into this extra step with trusted websites and apps when they ask for verification. 
  • Update Your Software or Turn on Automatic Updates: With outdated software, it becomes easier for hackers to find exploits and gain a foothold in an organization’s systems. Updating software will implement the latest fixes and patch out potential exploits. 
  • Think Before You Click: If a link looks suspicious, do not click on it. Even if it looks legitimate, exercise caution and verify that it is the person or entity they are claiming to be. Clicking on these suspicious links and the like can open vectors for attack from hackers. 
  • Use Strong Passwords: Create passwords that are at least 15 characters long, that are unique (never used anywhere else) and randomly generated. 

Jeff Wardon, Jr. is the assistant editor for the facility market. 

November 8, 2023

Topic Area: Information Technology , Security

Recent Posts

Tarzana Medical Center's New Patient Tower Outfitted with Rockfon Solutions

The Friese Family Tower is the centerpiece of an extensive and ongoing hospital expansion and modernization initiative known as Tarzana Reimagined.

How Doors Help Provide Security and Privacy in Healthcare Facilities

Door manufacturers discuss how doors aid in securing facilities and providing privacy.

Bon Secours Completes Expansion of St. Francis Medical Center

The project consisted of a 55-bed renovation and vertical expansion.

Delta Specialty Hospital Experiences Email Breach

The incident was limited to just one employee’s email account.

Selecting the Right Team for Healthcare Projects

Focusing on key criteria ensure design and construction teams deliver a facility that is safe, functional and tailored to a specific healthcare setting.


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.