DATAINSIDER

Digital Guardian's Blog

Healthcare Hackers Asked for $4.5M on Average in Ransom in 2020

by Chris Brook on Thursday May 20, 2021


A recent report looked at the average costs incurred by the healthcare sector following a ransomware attack.

The healthcare industry, seemingly constantly embattled when it comes to cyberattacks, can’t catch a break.

Facilities have been slowed by ransomware in particular over the last several years, a threat that can severely drain an organization’s resources, through downtime and especially in funds.

While attackers didn't get nearly this much, the average initial ransomware demand for healthcare companies in 2020 was a whopping $4,583,090.

That’s according to BakerHostetler, a law firm that releases an annual report that looks at data security incidents at companies the firm represents.

Overall, at least at companies it worked with, ransoms demanded and paid increased drastically. There were only 15 different threat actors/variants in 2019, compared to 75 last year, something which could say more about the commoditization of ransomware gangs and ransomware-as-a-service in general.

While paying attackers is ill-advised (agencies including the U.S. Department of Health and Human Services, the Federal Bureau of Investigation and others have gone on record urging against paying ransoms), it still happens. According to the law firm, whose report is dubbed the Data Security Incident Response (DSIR) Report, the average ransom payout in the healthcare industry was $910,335, a number that certainly isn’t as high as the $4 million figure but still a sizeable chunk of change.

Still, the number is high, more than four times the average ransom payment across all sectors in Q1 2021, a number that's around $220,000 according to Coveware, a company that performs ransomware incident response but also aggregates ransomware case data. Data theft is the norm, not an outlier, according to the firm's latest quarterly report, issued last month.

“Data exfiltration extortion continues to be prevalent and we have reached an inflection point where the vast majority of ransomware attacks now include the theft of corporate data,” it said in the report, adding that 77% of all of the threats it observed included the threat to leak exfiltrated data.

These sums don’t include what it costs the healthcare facilities to hire an incident response team to remediate the problem by coming in to assess the scope of the intrusion. The average cost of that in 2020 was $58,963, according to BakerHostetler’s report.

Ransomware is behind some of the numbers in Verizon’s annual Data Breach Investigations Report, or DBIR, as well.

The report, which incorporated responses from 83 different organizations, looked at nearly 30,000 security incidents around the globe; 5,258 of them were data breaches. 655 of those incidents were from the healthcare industry.

Like last year, financially motivated hackers were responsible for most of the attacks (91%) on the healthcare industry, with ransomware "being a favored tactic." Elsewhere, across other industries, ransomware saw a marked uptick when it came to its role in manufacturing breaches: it surpassed denial of service attacks and phishing. Overall, it accounted for 5% of the incidents Verizon looked at.

Tags: Ransomware, Healthcare, Industry Insights


Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.