Increasedfrequencyofransomwareattacksagainstvitalinfrastructure,accordingtoFBI
The FBI's 2023 Internet Crime Report reveals a concerning escalation in ransomware attacks against critical infrastructure sectors, with the healthcare sector bearing the brunt of the attacks. In 2023, the FBI's Internet Crime Complaint Center recorded 870 ransomware attacks across 16 critical infrastructure sectors, with healthcare reporting 210 incidents[1].
Ransomware attacks in the healthcare sector have shown a sharp increase in both frequency and severity:
- Ransomware-related breaches surged 278% from 2018 to 2023, resulting in an average system downtime of approximately 17 days per incident, sometimes lasting up to 3-4 weeks[2].
- Hospital downtime due to ransomware costs approximately $1.9 million per day, contributing to an estimated $21.9 billion loss in total downtime costs from 2018 to 2023[2].
- Nearly 47% of healthcare organizations hit by ransomware paid ransoms in 2023, with average ransom demands escalating dramatically from about $5,000 in 2022 to $1.5 million in 2023[2].
- The average cost of a healthcare data breach was $10.93 million in 2023, significantly higher than the global average cost per record of $148 compared to $408 in healthcare[2].
High-profile ransomware groups like BlackSuit and Royal ransomware have been responsible for attacks across critical sectors including healthcare. These groups used double-extortion tactics—encrypting systems while threatening to leak stolen data if ransoms were not paid[3][4]. Since 2022, these groups compromised over 450 known victims in sectors such as healthcare, education, energy, and government, extorting over $370 million based on cryptocurrency valuations[3]. In August 2024, BlackSuit's total extortion demands surpassed $500 million[4].
Such attacks have a direct impact on patient care: for instance, the November 2023 ransomware attack on Ardent Health Services disrupted critical care in three states, leading to cancelled elective procedures, emergency room diversions, and disruptions in prescription refills and appointment scheduling[1].
Law enforcement agencies, including the FBI, ICE, and international partners, have taken coordinated actions like the 2025 takedown of BlackSuit ransomware infrastructure to combat these threats[3][4]. The US government also promotes the adoption of cybersecurity frameworks to reduce risk and protect sensitive health data and critical infrastructure[1].
In 2023, the FBI reported 1,193 ransomware attacks targeting critical infrastructure organizations, a 18% increase from the previous year[1]. However, it's important to note that only about 20% of Hive's victims reported ransomware attacks to law enforcement[1]. The IT platform used widely and intertwined throughout the healthcare sector, which was intruded by AlphV, remains largely non-operational almost three weeks after the attack.
In conclusion, ransomware attacks on critical infrastructure—especially healthcare—are on the rise, posing a significant threat to patient care and national security. This trend has prompted strong government and law enforcement responses aimed at dismantling ransomware operations and increasing resilience across sectors[3][1].
- The increasing number of ransomware attacks, particularly in the healthcare sector, is a concern in the realm of cybersecurity and general news, with this type of crime and justice issue reflecting an escalation in attacks against critical infrastructure sectors.
- In the context of technology, the healthcare sector saw a surge in ransomware-related breaches from 2018 to 2023, escalating severely, resulting in increased system downtime and significant financial losses for healthcare organizations.
- The FBI's 2023 Internet Crime Report documented 1,193 ransomware attacks targeting critical infrastructure organizations, including the healthcare sector, highlighting the growing threat and the necessity for stronger cybersecurity measures and government response to combat this crime-and-justice challenge.
