About 560 U.S. Healthcare Facilities Affected by 2020 Ransomware Attacks

Ransomware attacks have had an enormous effect on enterprises and institutions in America, and 2020 was notably a bad year. Ransomware gangs targeted the healthcare field, education segment, and federal, state, and municipal government authorities and agencies. There were about 2,354 attacks on these industries in 2020, as per the newest State of Ransomware report by Emisoft, a cybersecurity company based in New Zealand.

The number of ransomware attacks went up dramatically in late 2019, and though the attacks slowed down in the first 6 months of 2020, a serious coordinated campaign started in September when attacks considerably increased and happened in massive numbers all through the remainder of the year.

In 2020, no less than 113 ransomware attacks happened on federal, state, and city governments and departments, 560 attacks involved healthcare companies in 80 different occurrences and 1,681 attacks on educational institutions.

These attacks have resulted in considerable financial hurt and in certain instances the life-threatening outcomes. Healthcare providers had to hold services, reroute ambulances to alternate establishments. There were 911 services disrupted. Medical consultations were delayed and examination results were late.

One attack that resulted in the most problems was on Universal Health Services. The health system manages over 400 hospitals and medical centers throughout the United States. The attack impacted the various areas and brought about major disruption. A different attack on the University of Vermont Health Network put systems offline, as well as its EHR system. A few hospital systems continued to be out of action for many weeks following the attack. The health system lost about $1.5 million per day in terms of added expenditures and lost earnings as it recovered. Based on statistics, the typical ransomware occurrence costs $8.1 million – plus 287 days recovery period.

Ransomware threat actors these days typically steal sensitive data prior to encrypting files and threatens the victims to expose or sell the stolen records when there’s no ransom payment. This strategy was first implemented by the Maze ransomware gang, nevertheless, lots of threat groups have today followed the same approach. Emsisoft stated that only the Maze ransomware gang exfiltrated information before encrypting data files at the start of 2020. Yet now roughly 17 other threat groups have done similarly.

In several cases, giving ransom payment doesn’t ensure the deletion of the stolen data. Various ransomware gangs, which include Netwalker, Sodinokibi (REvil) and Mespinoza are known to have exposed stolen information despite the fact that the ransom was paid.

Emsisoft remarks that the first 6 months of 2020, just one of the 60 ransomware attacks on federal, state, county, and municipal governments and agencies had stolen information leaked; nonetheless, in the latter half of 2020, 23 of the 53 attacks had published stolen information on leak web pages. About 12 healthcare companies hit with ransomware saw their stolen sensitive records exposed on the web.

2020 was obviously a bad year, yet there is no guarantee that 2021 will be much better. Ransomware attacks will likely keep going and may worsen. Unless a great deal of action is undertaken, 2021 will probably be one more good year for threat actors.