Over 200 organizations in the healthcare, government and education sectors were compromised by ransomware in 2022 – a similar number of incidents to the previous year, according to Emsisoft.
The security vendor revealed the findings of its own analysis of publicly reported cases in a new report, The State of Ransomware in the US: Report and Statistics 2022.
Despite greater coordination of federal government and law enforcement activity to target ransomware groups in 2022, the incident count did not shift much from previous years, especially in local government and education, it found.
In total, the report revealed the following victim figures in the US last year:
- 105 local governments
- 44 universities and colleges
- 45 school districts operating 1981 schools
- 25 healthcare providers operating 290 hospitals
The average number of incidents impacting local government over the past four years was 102, while in education it was 88. In healthcare, figures last year were heavily influenced by the attack on CommonSpirit Health, which operates 150 hospitals.
However, there are some important caveats to the findings.
The first is that only a minority of ransomware attacks on private sector organizations are ever reported, which makes it difficult to say with any certainty whether overall activity is trending up or down from year to year.
The second is that Emsisoft itself acknowledged that it may have “considerably” under-counted even reported incidents in the three sectors covered in the report.
“It should also be noted that this report only includes incidents involving attacks on infrastructure belonging to the government, education and health sector organizations,” it added.
“It does not include attacks on private sector companies – such as payroll and other service and solution providers – which may have disrupted operations in these sectors. This means that more organizations will have been disrupted by ransomware than indicated by the numbers this report.”
Finally, counting incidents may not be as reflective of ransomware landscape trends as dollar losses, especially if some victim organizations manage to prevent lateral movement following a breach, the vendor argued.