Microsoft: Healthcare Sees 300% Surge in Ransomware Attacks

Nearly 400 US healthcare organizations have been infected with ransomware this fiscal year, compromising private information, disrupting facilities, and putting lives at risk, according to a study released this week.

The average payment that these organizations have reported paying has gone up to roughly $4.4 million and is costing facilities up to $900,000 in downtime, putting healthcare among ransomware's most lucrative target sectors.

The disruption that healthcare operations face when hit with ransomware attacks doesn't just affect hospitals either. It also impacts clinics and doctors in adjacent areas, which absorb displaced patients in these emergencies.

Researchers at Microsoft compared the effects of a ransomware attack against four hospitals and found that these events increased patient volume by 15%, increased waiting room time by almost 50%, increased the number of confirmed strokes by 113%. Cardiac arrest cases went up by 81%.

According to the study, ransomware has become such a pronounced issue for the healthcare sector because of its track record of complying with the bad actors and making ransom payments. But since these organizations are dealing with literal life and death issues, they are usually willing to pay millions of dollars to avoid any disruption of care and the data that support it.

As for the threats actors and ransomware gangs, Russia is known for providing a safe harbor for gangs who attack US infrastructure; Iranian groups in particular have been most active in attempted attacks against healthcare organizations this year. Chinese cyber crews are also getting in on the action and targeting healthcare as a cover for government-backed espionage.