February 24, 2020 / Modified feb 24, 2020 4:54 p.m.

Study finds ransomware cost AZ health care more than $2.7 million since 2016

Three attacks affected nearly 12,000 people and totaled $2.7 million to $4.2 million in downtime in Arizona.

Computer Keyboard Hacking Digital A keyboard on a desk.
AZPM

Ransomware attacks involve hackers locking people out of their own data and demanding a payoff to regain access. But when patient data is held for ransom for hours or months, lives are on the line.

A new report by Comparitech identified 172 ransomware attacks on U.S. health care groups since 2016.

Those attacks cost an estimated $157 million in downtime and delayed treatment for more than 6 million patients.

Comparitech editor Paul Bischoff says companies should minimize human error through training.

"The second thing is creating backups regularly and, soon as the backup's completed, they're on a separate storage network that's not connected to the rest of the hospital's network, so it can't get infected," he said.

In Arizona, three attacks affected nearly 12,000 people and totaled $2.7 million to $4.2 million in downtime.

The victims included a cosmetic surgery provider, a retirement community and a clinic.

The study based its tallies on the states in which a medical company was headquartered.

California accounted for 14.5% of the attacks, but the state is also home to 12% of the U.S. population and a high concentration of health care providers.

By contrast, Michigan providers suffered only five ransomware attacks but saw 1.1 million people affected by just two incidents: one at a medical supply company, the other at a medical billing company.

Both have clients located in more than one state.

Arizona Science Desk
This story is from the Arizona Science Desk, a collaborative of the state's public radio stations, including NPR 89.1. Read more from the Arizona Science Desk.
By posting comments, you agree to our
AZPM encourages comments, but comments that contain profanity, unrelated information, threats, libel, defamatory statements, obscenities, pornography or that violate the law are not allowed. Comments that promote commercial products or services are not allowed. Comments in violation of this policy will be removed. Continued posting of comments that violate this policy will result in the commenter being banned from the site.

By submitting your comments, you hereby give AZPM the right to post your comments and potentially use them in any other form of media operated by this institution.
AZPM is a service of the University of Arizona and our broadcast stations are licensed to the Arizona Board of Regents who hold the trademarks for Arizona Public Media and AZPM. We respectfully acknowledge the University of Arizona is on the land and territories of Indigenous peoples.
The University of Arizona