In a Dec. 18 report, Comparitech analyzed 654 ransomware incidents targeting healthcare organizations — including hospitals, clinics, pharmacies and care homes — from 2018 to 2024. The findings showed an increase in attacks, with 143 reported in 2023. That year also saw more than 26.2 million patient records affected, contributing to a total of 88.8 million compromised records over the six-year period.
According to the study, here are some of the largest ransom demands on healthcare organizations:
- OrthoVirginia (Richmond, Va.): In 2021, a $10 million demand by the Ryuk ransomware group led to an 18-month recovery period.
- Acadian Ambulance (Lafayette, La.): In 2024, the Daixin Team demanded $7 million, claiming data from 10 million patients. Acadian negotiated but refused to pay the full amount.
- Lehigh Valley Health Network (Allentown, Pa.): In 2023, ALPHV/BlackCat sought $5 million after breaching 248,000 patient records.
- UF Health Central Florida (Leesburg, Fla.): In 2021, hackers demanded $5 million, with 700,981 patients impacted.
- Lurie Children’s Hospital of Chicago: In 2023, Rhysida issued a $3.4 million ransom demand after stealing data affecting 792,000 people.
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
