2022 saw the usual rates of public sector organizations in government, education and healthcare hit by ransomware, while the severity increased, according to data from Emsisoft.
Up to 1,981 schools, 290 hospitals, 105 local governments and 44 universities and colleges were hit with ransomware in the US in 2022, demonstrating the severity of ransomware attacks as a valid cyber threat to the public sector and the citizens, students and patients they serve. Personal data such as names, addresses, email addresses, dates of birth, and Social Security Numbers are most commonly accessed during these attacks.
Of the 105 known ransomware incidents involving state or municipal governments or agencies in 2022, at least 27 also resulted in a data breach. The 105 incidents are up from the 77 ransomware attacks on local government reported in 2021.
One major ransomware incident involving local government occurred in Miller County, AK, where malware spread from a compromised mainframe to systems in 55 different counties. Several county offices were impacted and remained offline for more than two weeks following the November 4 attack.
In the education sector, one of the most highly publicized ransomware attacks of the year targeted the Los Angeles Unified School District (LAUSD), the nation’s second-largest school district. The attack, orchestrated by ransomware gang The Vice Society, impacted more than 1,300 schools and half a million students. In a statement addressing its response to the Sept. 5 attack, LAUSD said it declined to pay a ransom, arguing that funds would be better spent on students and that paying “never guarantees the full recovery of data.”
The attack was one of 89 ransomware attacks reported by education sector organizations in 2022; 58 of those organizations also suffered a data breach following the incident. Breaking down the numbers even further, hackers demanded ransoms from 44 universities and colleges, and 45 school districts that operate 1,981 schools.
Ransomware attacks against healthcare organizations doubled in the last five years, with health clinics the most common victims, according to a new JAMA Health Forum study.
In the healthcare sector, one of the most impactful ransomware incidents of 2022 was the attack on CommonSpirit Health, with impact on roughly 150 hospitals. Protected health information (PHI) was stolen in at least 17 of the incidents. CommonSpirit Health has since been hit with a proposed class-action lawsuit over the ransomware attack. The complaint was filed Dec. 29 by a patient who was just one among 623,774 notified in December that their data had been breached.
The number of paid ransom demands decreased significantly last year, with only one government organization known to have paid a ransom of $500,000 in 2022. At least three education organizations are known to have agreed to pay up.
2023 is forecast to be a similar year in terms of ransomware events, with government, education and healthcare organizations encouraged to continually review cybersecurity measures amid ransomware threats to prevent data being released on the dark web.