Chris Swagler | January 9th, 2023

In 2022, ransomware attacks impacted over 200 organizations in the United States public sector, including the government, education, and healthcare sectors. According to data gathered from publicly available reports, disclosure statements, dark web leaks, and third-party intelligence, threat operators stole data in nearly half of the ransomware attacks. Based on the current statistics, the ransomware threat affected 105 counties, 44 universities and colleges, 45 school districts, and 24 healthcare providers in the United States. Not all victims disclose incidents, and private-sector victims are less likely to do so than public-sector ones. The figures in the year-end report on the state of ransomware in the United States need to be considered conservative and can’t be used to form an accurate trend. Incidents impacting the public sector, however, are more likely to be disclosed, allowing for more consistent data. Researchers believe that the information can point to ransomware activity in the private sector as well.

Ransomware attacks on local governments increased from 77 to 105 in 2021, but the number is not significantly different from the previous year, which reported 113 incidents. According to researchers, the statistic for 2022 was “dramatically affected” by a single incident in Miller County, Alaska, which spread to computers in 55 different counties. Quincy, MA was the only known local government to pay threat actors $500,000 in 2022. At least 27 incidents included threat actors stealing data from victims.

In the United States, ransomware affected 89 educational organizations, including 44 universities and colleges and 45 school districts, and threat actors stole data in at least 58 incidents. Even though the total number of ransomware attacks in the education sector is less than 100, it can potentially impact more than 2,000 organizations because the affected school districts operate 1,981 schools. The Los Angeles Unified School District was one of the major targets of the Vice Society ransomware group in 2022. Three educational organizations paid threat actors a ransom, including Glenn County Office of Education, which paid the Quantum threat actors $400,000 to recover encrypted data.

Tracking ransomware incidents in the healthcare sector is more difficult, mainly because of unclear disclosures. That’s why the experts only counted attacks against hospitals and multi-hospital health systems, which totaled 24 in 2022. Even with the small number, the impact is substantially greater, potentially affecting up to 289 hospitals. CommonSpirit Health, which operates over 140 hospitals, was the most notable healthcare entity targeted, with data from 623,000 patients exposed. Threat actors stole files in 17 of the 24 incidents involving the healthcare sector. On December 30, the CentraState Medical Center stopped admitting patients because of a cybersecurity issue. Nonetheless, the report provides insight into ransomware activities in the public sector and how they compare to the previous year’s statistics.

With 2022 in the rearview, companies need to remain vigilant about the current threat landscape in 2023 and regularly update their data networks’ infrastructure to prevent potential ransomware attacks. At SpearTip, our certified engineers work continuously at our 24/7/365 Security Operations Center, monitoring companies’ networks for potential cyberattacks and ready to respond to incidents at a moment’s notice. Our pre-breach advisory services allow us to examine companies’ security posture to improve the weak points in their networks. Our team will engage with companies’ people, processes, and technology to truly measure the maturity of the technical environment. For all vulnerabilities our engineers uncover, they will provide technical roadmaps to ensure companies have the awareness and support to optimize their overall cyber security posture. Our ShadowSpear Platform, the integrable managed detection and response tool, provides comprehensive insights using unparalleled data normalization and visualizations to detect sophisticated unknown and advanced ransomware threats.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.