Ransomware attacks in 2022 impacted more than 200 hundred larger organizations in the U.S. public sector in the government, educational, and healthcare verticals.
Data collected from publicly available reports, disclosure statements, leaks on the dark web, and third-party intelligence show that hackers stole data in about half of these ransomware attacks.
No clear picture on ransomware attacks
Based on available data, the ransomware threat in the U.S. struck 105 counties, 44 universities and colleges, 45 school districts, and 24 healthcare providers.
Cybersecurity company Emisoft compiled these statistics underlining that not all victims – less in the public and to a higher degree in the private sector – disclose such incidents and some of them may have missed the researchers.
As such, the numbers in the end-of-the-year report on the state of ransomware in the U.S. should be considered conservative as they cannot be used to accurately form a trend.
However, incidents affecting the public sector are more likely to be disclosed, allowing for more consistent data. Because of this, the researchers say that this information could serve as a hint to the ransomware activity in the private sector.
“The reality is that nobody knows for sure whether the number of attacks are flat or trending up or down” – Emsisoft
Ransomware affected 105 counties
Compared to 2021, ransomware attacks on local governments grew from 77 to 105 but the number is not much different from the years before, which recorded 113 incidents.
The researchers note that the figure for 2022 was “dramatically affected by a single incident in Miller County, AK” that spread to computers in 55 separate counties.
Emsisoft highlights that in 2022, Quincy, MA, was the only known local government to pay the hackers’, losing $500,000 to them.
In at least 27 of these incidents, the hackers also stole data from the victims.
Hackers stole data in 58 attacks on educational orgs
Ransomware hit 89 organizations in the education sector in the U.S., 44 universities and colleges, and 45 school districts, and the hackers stole data in at least 58 attacks.
Although the total number of ransomware attacks is less than 100 in this sector, the amount of potentially impacted organizations is more than 2,000 since the affected school districts are operating 1,981 schools.
One of the most significant targets in 2022 was the Los Angeles Unified School District, claimed by the Vice Society ransomware gang.
Emisoft says that three educational organizations paid a ransom to the hackers. One of them was the Glenn County Office of Education, which paid $400,000 to the Quantum threat actors to recover encrypted data.
290 hospitals potentially affected by ransomware
Tracking ransomware incidents in the healthcare sector is more difficult, Emsisoft researchers say in the report, the main reason being unclear disclosures.
Because of this, they counted only attacks on hospitals and multi-hospital health systems, which added to 24 in 2022.
Despite the small number, the impact is much more significant, potentially affecting as many as 289 hospitals. The most notable healthcare entity attacked was CommonSpirit Health, which runs more than 140 hospitals exposing data of 623,000 patients.
Emsisoft researchers say that hackers stole files in 17 incidents affecting the healthcare sector.
The company’s report emphasizes that these statistics do not provide the full picture of ransomware attacks in the public sector as “there will be some incidents that did not come to our attention.”
Furthermore, some attacks may have been still unfolding, unclassified, or unreported at the time of compiling the data. One example is the CentraState Medical Center, which stopped admitting patients on Friday, December 30, 2022, “due to a cybersecurity issue.”
Nevertheless, Emsisoft’s report provides some insight about the ransomware activity in the public sector and how it compares to statistics from previous years.
