2024 Was Another Bad Year for Healthcare Ransomware Attacks
A recently published analysis by Comparitech has revealed the extent to which ransomware groups have been breaching networks, encrypting files, and demanding ransom payments from victims. Comparitech’s researchers identified 5,461 successful ransomware attacks in 2024 based on claims by ransomware groups on their data leak sites, and 1,204 of those attacks were confirmed by the attacked organizations.
Across the 1,204 confirmed attacks, 195.4 million records were compromised and held to ransom, with the majority of those attacks conducted in North America and Europe. In 2024, RansomHub was the most prolific ransomware group with 89 confirmed attacks, with LockBit close behind with 83 attacks, followed by Medusa with 62 attacks and Play with 57 attacks. While the figures for 2024 are high, there was a reduction in attacks compared to 2023, when there were 1,474 confirmed attacks involving 261.5 million compromised records. The average ransom demand in 2024 was more than $3.5 million, with $133.5 million in confirmed payments to ransomware groups. The average ransom payment was $9,532,263.
There were 181 confirmed ransomware attacks on healthcare providers in 2024 involving 25.6 million healthcare records. The average ransom demand was $5.7 million and the average ransom paid was $900,000. There were also a further 42 confirmed attacks on healthcare organizations that do not provide direct care, involving 115,640,362 compromised records and an average ransom demand of $16.3 million.
In terms of compromised records, the BlackCat/ALPHV ransomware attack on Change Healthcare was the worst ransomware attack of 2024. The attack caused an outage of Change Healthcare’s systems that lasted for several weeks resulting in massive disruption to the billing cycles of healthcare providers across the United States. In October, Change Healthcare’s parent company UnitedHealth Group confirmed that losses in 2024 due to the attack had risen to $2.9 billion. Change Healthcare paid a $22 million ransom to prevent the release of the stolen data only for the ransomware group to pull an exit scam. The affiliate behind the attack took the stolen data and provided it to the RansomHub group, which tried to get a further ransom payment. The protected health information of an estimated 100 million individuals was compromised in the attack.
Five of the top 10 ransomware attacks of the year were on healthcare organizations, including the third largest data breach of the year at MediSecure, an Australian prescription delivery service. This was the biggest data breach in Australian history, involving 12.3 million records. The ransomware attack on Ascension Health also made the top ten with 5.6 million compromised records, as did the attacks on Acadian Ambulance (2.9 million records) and Rite Aid (2.2 million records). Based on the data set analyzed by Comparitech, the biggest ransom demand was issued to another healthcare provider, Regional Cancer Center in India, which received a $100 million ransom demand following its April 2024 attack.
In response to the increase in ransomware and other cyberattacks on U.S. healthcare organizations, the Department of Health and Human Services’ Office for Civil Rights (OCR) has proposed an update to the HIPAA Security Rule that would require healthcare organizations and their business associates to implement stronger cybersecurity measures. The proposed measures include the creation and maintenance of a comprehensive and accurate technology asset inventory and network map, greater specificity for conducting risk analyses, strengthened contingency planning, a plan for restoring access to data within 72 hours, twice-yearly vulnerability scans, annual penetration tests, annual tests to ensure the effectiveness of security measures, annual internal compliance audits, antimalware software, network segmentation, multifactor authentication, and the encryption of all electronic protected health information at rest and in transit. If signed into law, these measures will make it much harder for ransomware groups to breach networks and will help to ensure a rapid recovery in the event of an attack.