Healthcare organizations faced a record number of ransomware attacks over the past year: 67% were hit, up from 60% in 2023, which was already a high figure.
This is in sharp contrast to other sectors, where the rate of ransomware attacks has actually decreased by several percentage points. So says the latest edition of the State of Ransomware in Healthcare, an annual global study conducted by the cybersecurity company Sophos. To make matters worse, the impact of such attacks is more severe than ever. Only 22% of affected organizations recovered within a week, down from 47% in 2023 and 54% the year before.
Of the affected institutions, 37% took more than a month to recover. Average recovery costs also jumped from $2.2 million (over €2 million) in 2023 to $2.57 million (€2.34 million) in 2024, more than double the 2021 figure.
Healthcare appears to be a “soft target” with many vulnerabilities. Cybercriminals go after this sector because of the sensitive nature of the information it holds and because staff need immediate access to that data. John Shier, field CTO at Sophos, points out that the long recovery times are a sign that many healthcare organizations are not adequately prepared.
A more proactive attitude is desired
“As we've seen this year with the large-scale ransomware attacks that have impacted healthcare and patient care, these attacks can have a huge domino effect. We believe that we need to take a more proactive approach to dealing with this issue.”
Although this runs somewhat counter to the current push to add AI everywhere, he argues that human expertise must come first on this issue. Advanced technology has its place, but there needs to be a real person at the controls, “combined with continuous monitoring to stay ahead of attackers.”
Compromised credentials and exploited vulnerabilities are the leading root causes, accounting for 34% of attacks, and the two are equally responsible. Cybercriminals also routinely go after healthcare organizations' backup systems.
Nearly all affected organizations (95%) report that their backups were compromised during the attack. As a result, organizations have become more willing to pay to retrieve stolen or encrypted data.
Insurance companies often pay the ransom
In more than three-quarters of these cases, insurers contributed to the ransom payment, which naturally affects insurance premiums. Additionally, 57% of the organizations that paid ended up paying more than the attackers originally demanded.
The Sophos study surveyed more than 5,000 IT decision makers and cybersecurity professionals from healthcare and other industries. To make its annual research easier to compare, the company always names its reports after the year of publication. In this case that is 2024, but many respondents also shared experiences from previous years.