Ransomware Attacks on Healthcare Increasing in Frequency, Severity

The attacks result in huge costs to facilities, disruption in operations, and stolen patient data.    July 12, 2023

By Greg Zimmerman, senior contributing editor

Though cybersecurity is not a core competency for most facility managers, increasingly, an organization’s cybersecurity strategy is something facility managers must have a stake in and be involved with planning. Ransomware attacks on healthcare facilities are increasing in both frequency and severity.  

Between 2016 and 2021, ransomware on healthcare facilities doubled and more than half of all ransomware attacks were targeted at healthcare facilities. Thirty-two of these attacks led to operational disruption of more than two weeks. These data are from a report titled Trends in Ransomware Attacks on US Hospitals, Clinics, and Other Health Care Delivery Organizations, 2016-2021, by JAMA Network

The average cost of a ransomware attack is about $7 million, according to Chief Healthcare Executive. It’s not just the cost to the organization, though, that make ransomware attacks so vicious. In the first six months of 2023, 5.5 million patients had their data stolen in these attacks. In the period from 2016 to 2021, the total was more than 42 million patients.  

Healthcare organizations will spend more than $125 billion in the next five years on cybersecurity. Especially as facility systems become more complex, facility managers must make sure they have a seat at the table when cybersecurity is discussed.   

Greg Zimmerman is senior contributing editor for and Building Operating Management magazine. 


Read next on FacilitiesNet