“Because they look authentic, phishing attacks are relatively easy, inexpensive and successful for threat actors,” according to IBM. Plus, it only takes one person to click on a fraudulent email for the entire facility to be infected and the data held for ransom.
The consequences of a malware attack are expensive. The Cost of a Data Breach Report 2021 found average costs for incidents such as:
- A business email compromise: $5.01 million
- Phishing: $4.65 million
- A ransomware breach: $4.62 million
THE HIGH COST OF RANSOMWARE TO HEALTHCARE FACILITIES
The cost of ransomware attacks is growing. HIPAA Journal reported that the cost of U.S. healthcare ransomware attacks was estimated at $21 billion for 2020, with ransom demands ranging from $300,000 to $1.1 million. In 2019, the estimated cost for all healthcare attacks was $8.46 billion.
However, the actual cost per incident, on average, is hard to determine because the information is not always made public. Some organizations also do not reveal the ransom they paid.
In addition to paying a ransom, facilities also have the cost of downtime in which IT systems are frozen. In turn, the inability to access electronic medical records and patient data can prevent organizations from providing care to patients.
“Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data,” according to the FBI.