Ransomware attacks can also leave machines offline from hours to weeks and sometimes months. The length of downtime, on average, cost the healthcare industry an estimated $918,000 in total per organization in 2016, with a more recent report suggesting that healthcare cyberattacks cost an average of $1.4 million to recover from and increase the price of downtime to $240.8 million.

The health of patients is the main concern, however, with one study suggesting that data breaches as a whole increase the 30-day mortality rate for heart attacks, leading to 36 more deaths per 10,000 heart attacks annually. Comparitech, taking into account lack of transparency around these figures, estimates that healthcare organizations in the U.S. have lost around $160 million over the last four years to ransomware, and that the attacks could take greater hits on lifesaving equipment and patient data and systems in the future, if proper precautions are not put in place and staff members are not trained to be more careful.

“In most successful ransomware attacks, human error plays a role somewhere along the line,” said Bischoff. “In many cases, this is due to phishing. Criminals pose as trusted personnel or authority figures in emails and other messages to trick hospital staff into clicking on links or attachments containing malware. Staff need to be trained on how to spot phishing emails, report them, and dispose of them properly. Hospitals need to create regular secure backups of their data. If ransomware prevents access to files, the backups can be used to replace those files quickly without major disruption to the hospital.”

Back to HCB News

Health IT Homepage