The Status of Healthcare Ransomware Attacks in 2024

Jan 17, 2025

Comparitech recently published a report showing how active ransomware groups have been. These groups break into networks, encrypt files, and then pressure the victims to pay a ransom. Comparitech’s analysts counted 5,461 ransomware attacks claimed in 2024 on the groups’ own data leak websites. However, the attacked organizations, which were located in Europe and North America, confirmed only 1,204 of those attacks. The 1,204 confirmed attacks involved 195.4 million breached records.

In 2024, the most active ransomware group was RansomHub with 89 confirmed attacks. Next came LockBit with 83 attacks, followed by Medusa with 62 attacks and Play with 57 attacks. Although 2024 saw many attacks, the total was lower than 2023’s 1,474 attacks with 261.5 million breached records. The average ransom demand in 2024 was above $3.5 million. The confirmed total of ransom paid to ransomware groups was $133.5 million, with an average ransom payment of $9,532,263.

In 2024, 181 healthcare providers confirmed ransomware attacks that resulted in 25.6 million breached healthcare records. The attackers demanded $5.7 million in ransom on average and received an average ransom payment of $900,000. There were an additional 42 confirmed attacks on healthcare organizations that do not provide direct patient care. Those attacks resulted in 115,640,362 breached records, and the ransom demanded averaged $16.3 million.

Measured by breached records, the worst ransomware attack of 2024 was the BlackCat/ALPHV ransomware group’s attack on Change Healthcare. The attack forced a shutdown of Change Healthcare’s systems that lasted several weeks and severely disrupted billing for healthcare companies throughout the United States. In October 2024, UnitedHealth Group, Change Healthcare’s parent company, announced $2.9 billion in losses because of the attack. Change Healthcare paid $22 million in ransom to retrieve the stolen information. However, the ransomware group did not pay the affiliate behind the attack, so the affiliate kept the stolen information and sold it to the RansomHub group, which then attempted to extort Change Healthcare a second time. The protected health information (PHI) of approximately 100 million people was affected by the attack.

In 2024, five of the top 10 ransomware attacks involved healthcare organizations. The following companies were on the list:

  • MediSecure – the attack on this Australian prescription delivery service affected 12.3 million records.
  • Ascension Health – the attack resulted in 5.6 million breached records.
  • Acadian Ambulance – the attack affected 2.9 million records.
  • Rite Aid – the attack affected 2.2 million records.
  • Regional Cancer Center in India – the attacker demanded a $100 million ransom after its attack in April 2024.

Because of the growing number of cyberattacks on U.S. healthcare providers, the Department of Health and Human Services’ Office for Civil Rights (OCR) has proposed updating the HIPAA Security Rule to require stronger cybersecurity measures from healthcare organizations and their business associates. The proposal includes creating and maintaining a complete and accurate technology asset inventory and network map, more specific requirements for performing risk analyses, focused contingency planning, a plan for restoring data access within 72 hours, vulnerability scans twice a year, yearly assessments of the effectiveness of security measures, yearly penetration tests, yearly internal compliance audits, network segmentation, anti-malware software, multifactor authentication, and the encryption HIPAA requires. If approved, these measures will make it harder for ransomware groups to compromise systems and will support faster recovery when an attack does occur. Implementing them will also likely help organizations toward HIPAA certification.


Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter
