Universities, not health care systems, facing highest number of ransomware attacks

The prevalence of and perhaps damage caused by ransomware-style cyberattacks is greater in the education sector than any other industry, according to a newly released research report by security ratings firm BitSight.
(Getty Images)

The prevalence of and damage caused by ransomware-style cyberattacks is greater in the education sector than any other industry, according to a newly released research report by security ratings firm BitSight.

The findings notably challenge what has become sort of conventional wisdom across the cybersecurity sector; with the general consensus being that hospitals are at the greatest risk of such attacks. Healthcare records are understood to be amongst the most valuable files for sale on the dark web, as they typically contain personal, financial, medical and patient employment information.

“Although patient data makes healthcare organizations a prime target for ransomware attacks, other industries are [also] … on a cyber criminal’s radar,” the report reads, “Intellectual property, classified government documents, and private financial data are just some of the types of records that cyber criminals may pursue within other industries.”

U.S. Federal Trade Commission Chairwoman Edith Ramirez recently called ransomware the “most profitable” malware ever devised during an FTC workshop event intended for businesses leaders.


In June, the University of Calgary publicly disclosed that it had paid a $20,000 ransom to a hacker after malware encrypted the university’s email servers. Two months later, cybersecurity firm SentinelOne found that Bournemouth University — an institution that boasts its own cybersecurity center — had been hit roughly 21 times with ransomware-style attacks over a one year period reaching back to 2015.

“While several ransomware attacks on healthcare companies have made headlines this year, the issue is more widespread. Our analysis shows that the education sector is actually the most impacted group, followed by government,” Stephen Boyer, co-founder and CTO of BitSight, said in a statement.

Data analyzed and collected by BitSight from more than 18,000 participating companies was used to identify common forms and infection patterns of ransomware affecting six broad industries, including finance, healthcare, education, energy, retail and government.

Of the six industries examined, government had the second-lowest security rating, yet the second highest rate of ransomware attacks.

In March, a small, local police station in Melrose, Mass. — which would be categorized as “government” in the aforementioned research study — experienced a ransomware attack on its incident response-logging software, which allows officers to process records remotely, according to the International Business Times. Melrose Police ultimately paid a ransom to regain access to those systems.


“On the Federal level, a successful ransomware infection could be very detrimental,” said Jacob Olcott, a vice president at BitSight.

Last year, the Department of Homeland Security  claimed there were 321 ransomware-related incidents that affected 29 different federal networks. In the end, all 29 cases were resolved with “minimal” damage to systems, according to DHS.

“What happens when a successful ransomware infection does occur? What is the government’s policy on reporting ransomware infections, and paying ransoms? Since many experts expect ransomware to become more targeted and sophisticated, these questions are paramount,” said Olcott, a former legal adviser to the Senate Commerce Committee and Chairman John D. Rockefeller’s lead negotiator on cybersecurity legislation.

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts