Comparitech recently published a report quantifying the activity of ransomware groups, which break into networks, encrypt files, and then pressure victims into paying a ransom. Comparitech’s analysts counted 5,461 ransomware attacks claimed for 2024 on the groups’ data leak sites. Of these, only 1,204 attacks were confirmed by the targeted organizations, which were located in Europe and North America. Those 1,204 confirmed attacks exposed 195.4 million records.
The most active ransomware group in 2024 was RansomHub with 89 confirmed attacks, followed by LockBit with 83, Medusa with 62, and Play with 57. Although 2024 saw many attacks, the total is lower than 2023’s 1,474 confirmed attacks and 261.5 million breached records. The average ransom demand in 2024 exceeded $3.5 million. Confirmed ransom payments to ransomware groups totaled $133.5 million, with an average payment of $9,532,263.
In 2024, 181 healthcare providers confirmed ransomware attacks, which together exposed 25.6 million healthcare records. The attackers demanded $5.7 million on average and received an average ransom payment of $900,000. A further 42 confirmed attacks involved healthcare providers that do not provide direct patient care; these exposed 115,640,362 records, with an average ransom demand of $16.3 million.
Measured by breached records, the worst ransomware attack of 2024 was the BlackCat/ALPHV attack on Change Healthcare. Change Healthcare’s systems were taken offline for several weeks, severely disrupting billing for healthcare companies across the United States. In October 2024, UnitedHealth Group, Change Healthcare’s parent company, reported $2.9 billion in losses attributable to the attack. Change Healthcare paid $22 million in ransom to recover the stolen data. However, the ransomware group did not pay the affiliate that carried out the attack, so the affiliate kept the stolen data and sold it to the RansomHub group, which then attempted to extort Change Healthcare again. The protected health information (PHI) of approximately 100 million people was affected.
In 2024, five of the top 10 ransomware attacks involved healthcare organizations:
- MediSecure – the attack on this Australian prescription delivery service affected 12.3 million records.
- Ascension Health – the attack resulted in 5.6 million breached records.
- Acadian Ambulance – the attack affected 2.9 million records.
- Rite Aid – the attack affected 2.2 million records.
- Regional Cancer Center in India – the attacker demanded a $100 million ransom after the attack in April 2024.
In response to the growing number of cyberattacks on U.S. healthcare providers, the Department of Health and Human Services’ Office for Civil Rights (OCR) has proposed an update to the HIPAA Security Rule that would require stronger cybersecurity measures from healthcare organizations and their business associates. The proposal includes creating and maintaining a complete and accurate technology asset inventory and network map, more specific requirements for performing risk analyses, focused contingency planning, a plan for restoring data access within 72 hours, vulnerability scans twice a year, annual assessments of the effectiveness of security measures, annual penetration tests, annual internal compliance audits, network segmentation, anti-malware software, multifactor authentication, and encryption as required under HIPAA. If finalized, these requirements would make it harder for ransomware groups to compromise systems and would allow faster recovery after an attack. Implementing these measures is also likely to support HIPAA certification.