Dive Overview:
Recovery from ransomware attacks takes time, in some cases more than a month, and a study released last week by cybersecurity firm Sophos found that attacks against the healthcare industry are on the rise.
Almost two-thirds of respondents said they had suffered a ransomware attack in the past year, up from 60% the previous year. In Sophos' 2021 report, only 34% said they had experienced a ransomware attack.
Recovery time is also longer. Only 22% of victims made a full recovery within a week of the attack, compared to 47% the previous year. Nearly 40% took more than a month to return to normal work.
Dive Insight:
The survey, which was filled out by more than 400 healthcare professionals, found that ransomware attacks in the healthcare sector are on the rise as incidents in other industries decline.
In 2024, nearly 60% of respondents across all sectors reported attacks, down from 66% in the previous two years. According to the report, healthcare organizations have the second highest rate of ransomware attacks in the world, second only to the federal government.
“The sensitivity of medical information and the need for accessibility puts the healthcare industry under constant scrutiny from cybercriminals,” John Shier, field chief technology officer at Sophos, said in a statement. “Unfortunately, cybercriminals have learned that few healthcare organizations are prepared to respond to these attacks, as evidenced by increasingly longer recovery times.”
A successful ransomware attack can have a serious impact on healthcare organizations. Research shows that on average, nearly 60% of an organization's computers are affected by an attack.
Chart: Recovery time after increased ransomware attacks (percentage of respondents, by how long it took their organization to fully recover)
Nearly all businesses that suffered a ransomware attack in the past year said cybercriminals attempted to compromise their backup data, and about two-thirds said those attempts were successful.
Without backups, the outcome was often even worse, with organizations reporting higher ransom demands and being more likely to pay money to regain access to their data. The median overall recovery cost doubled, according to the study.
Although nearly all organizations recovered their data, about half ended up paying the ransom. The FBI advises organizations to avoid ransom payments, as they may embolden cybercriminals and encourage further attacks.
Ransom payments can also be expensive. According to Sophos research, the median payout from ransomware attacks was $1.5 million. Also, victims rarely pay the initial amount demanded by cybercriminals. Nearly 60% paid more than originally requested.
Sophos said patching software vulnerabilities is key for healthcare organizations to avoid ransomware attacks. But experts say hospitals often struggle to stay on top of software updates and patches, which can force them to take devices offline.
Healthcare companies should use multi-factor authentication, which uses a second method to verify a user's identity, and train employees to detect malicious emails and phishing attempts to prevent incidents, the cybersecurity firm added.