According to a new report from cybersecurity firm Emsisoft, ransomware attacks between 2016 and 2021 can be attributed to at least one real-world death per month.
While it’s no secret that malware strains have become faster and smarter over the last few years, security warnings typically tend to be aimed towards private businesses and government agencies.
This new data, however, highlights the concerning threat that entities like hospitals and schools face. This in turn has led to experts calling for new laws to prohibit ransom payments in an effort to stop attacks.
Ransomware Hits Crisis Level
A total of 2,207 U.S hospitals, schools, and government agencies were directly impacted across 2023 by financially motivated ransomware attacks.
From denying access to critical services to compromising personal information, Emsisoft’s latest research concludes that despite being digital, this type of attack has very real real-world consequences and considers it a “risk-to-life threat.”
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.
The 2023 report is quick to highlight that, despite aggregating data from multiple sources, some incidents won’t have been counted and therefore the ransomware crisis is likely to run even deeper than previously thought.
Attacks Are a “Risk to Life”
When it comes to medical emergencies, every second matters. Back in November 2023, a cyberattack on Ardent Health Services resulted in hospitals across three states having to reroute ambulances. Delayed or rerouted ambulances can result in patients dying or being left permanently disabled — outcomes that wouldn’t have happened if response times had been quicker.
It’s not just emergency treatments that are affected either. Malware attacks can lead to general disruptions to healthcare delivery. Hospital computer systems being shut down can result in delayed tests, inaccessible electronic health records, and mistakes happening with regard to manual record keeping.
Emsisoft’s report references the example of a 3-year-old patient who was given a “megadose” of opioid pain medication because a hospital's computer system was down. And unfortunately, this isn’t an extraordinary case.
2023 saw 46 hospital systems across 141 hospitals impacted by ransomware. At least 32 of those systems had information stolen which included protected health information.
Should Ransom Payments Be Banned?
So, what’s being done to help tackle ransomware attacks? Government task forces and international coalitions have been formed, while law enforcement agencies have seized crypto assets, dismantled botnets, and even made arrests in an effort to disrupt and halt ransomware operations. However, none of these solutions have had a significant effect.
According to Emsisoft, the only viable solution to this crisis is to ban the payment of ransoms outright. After all, as a profit-driven activity, ransomware attacks are likely to fall if there’s no money to be made.
“Ransomware is getting worse, not just in the number of attacks but in [their] aggressive nature. What we are doing simply isn’t working. A ban on ransom payments will be painful and will likely lead to a short-term increase in ransomware attacks, but it seems like this is the only solution that has a chance of long-term success.” – Allan Liska, a Threat Intelligence Analyst at cybersecurity firm Recorded Future
Ransom payments averaged $5,000 in 2018, but this increased to $1.5 million last year. There’s no doubt that money talks and this substantial increase is certainly cause for authorities to sit up and take drastic action.