Ransomware attacks in 2022 impacted more than 200 major US public sector organizations across government, education, and healthcare verticals.

Data collected from publicly available reports, disclosure statements, dark web leaks and third-party intelligence shows that hackers stole data in about half of these ransomware attacks.

No clear picture on ransomware attacks

Based on available data, the ransomware threat in the United States has hit 105 counties, 44 universities and colleges, 45 school districts, and 24 healthcare providers.

Cybersecurity firm Emisoft compiled these statistics pointing out that not all victims – less in the public and to a greater degree in the private sector – disclose such incidents and some of them may have been missed by researchers.

As such, the numbers from the year-end State of Ransomware in the United States report should be considered conservative as they cannot be used to accurately form a trend.

However, incidents affecting the public sector are more likely to be disclosed, resulting in more consistent data. For this reason, the researchers claim that this information could serve as a clue to ransomware activity in the private sector.

Ransomware affected 105 counties

Compared to 2021, ransomware attacks against local governments have increased from 77 to 105, but the number is not much different from previous years, which had 113 incidents.

The researchers note that the figure for 2022 was “significantly affected by a single incident in Miller County, AKwhich spread to computers in 55 separate counties.

Emsisoft points out that in 2022 Quincy, MA was the only known local government to pay hackers, losing them $500,000.

In at least 27 of these incidents, hackers also stole data from victims.

Hackers stole data in 58 attacks on educational organizations

Ransomware affected 89 US education organizations, 44 universities and colleges, and 45 school districts, and hackers stole data in at least 58 attacks.

Although the total number of ransomware attacks is less than 100 in this sector, the number of organizations potentially affected is over 2,000 since the affected school districts operate 1,981 schools.

One of the biggest goals in 2022 was the Los Angeles Unified School District, claimed by the Vice Society ransomware gang.

Emisoft says three educational organizations paid a ransom to the hackers. One of them was the Glenn County Office of Education, which paid $400,000 to Quantum threat actors to recover the encrypted data.

290 hospitals potentially affected by ransomware

According to Emsisoft researchers in the report, tracking ransomware incidents in the healthcare industry is more difficult, with the main reason being unclear disclosures.

For this reason, they only counted attacks against hospitals and multi-hospital health systems, which added up to 24 in 2022.

Despite the small number, the impact is much larger, potentially affecting up to 289 hospitals. The most notable healthcare entity attacked was CommonSpirit Healthwhich manages more than 140 hospitals exposing the data of 623,000 patients.

Emsisoft researchers say hackers stole files in 17 incidents affecting the healthcare sector.

The company’s report stresses that these statistics do not provide a complete picture of ransomware attacks in the public sector because “there will be incidents that have not been brought to our attention.”

Additionally, some attacks may still be ongoing, unclassified, or unreported at the time the data was compiled. An example is the CentraState Medical Centerwhich stopped admitting patients on Friday, December 30, 2022, “due to a cybersecurity issue”.

Nevertheless, Emsisoft’s report provides an overview of ransomware activity in the public sector and compares it to statistics from previous years.