- Ransomware attacks cost the healthcare sector $2.57M, with only 22% of ransomware victims fully recovered in a week or less.
- Organizations with breached backups were twice as likely to pay the ransom to recover encrypted data.
- Insurance providers play a significant role in these ransom payments, contributing to 77% of cases and covering 19% of the total ransom amounts.
Cyber-attacks targeted towards health organisations have increased by 7 per cent in the past year to hit a four-year high since 2021. New findings titled “The State of Ransomware in Healthcare 2024,” by cybersecurity firm Sophos, reveal that healthcare is reporting a rise while other sectors posted a drop.
Of those organizations surveyed, two-thirds or 67 per cent were impacted by ransomware attacks in the past year, up from 60 per cent in 2023.
The rising rate of ransomware attacks against healthcare institutions contrasts with the declining rate of ransomware attacks across sectors. The overall rate of ransomware attacks fell from 66 per cent in 2023 to 59 per cent in 2024.
Alongside an increase in the rate of ransomware attacks, the healthcare sector reported increasingly longer recovery times. Only 22 per cent of ransomware victims fully recovered in a week or less, a considerable drop from the 47 per cent reported in 2023 and 54 per cent in 2022.
Read also: Payment for ransomware attacks increase by 500 per cent in one year
Longer recovery times post ransomware attacks
In addition, 37 per cent took more than a month to recover, up from 28 per cent in 2023, reflecting the increased severity and complexity of attacks. Sophos field Chief Technology Officer John Shier said that while the rate of ransomware attacks has reached a kind of “homeostasis” or even declining across industries, attacks against healthcare organizations continue to intensify, both in number and scope.
“The highly sensitive nature of healthcare information and need for accessibility will always place a bullseye on the healthcare industry from cybercriminals. Unfortunately, cybercriminals have learned that few healthcare organizations are prepared to respond to these attacks, demonstrated by increasingly longer recovery times,” said Shier.
He points out that these attacks can have immense ripple effects, as seen this year with major ransomware attacks impacting the healthcare industry and patient care.
“To combat these determined adversaries, healthcare organizations must adopt a more proactive, human-led approach to threat detection and response, combining advanced technology with continuous monitoring to stay ahead of attackers,” he added.
Ransomware attacks cost the healthcare sector $2.57M
A new report by cybersecurity firm Sophos reveals that the average cost of recovering from a ransomware attack in the healthcare sector has surged to $2.57 million in 2024, up from $2.2 million in 2023 and double the cost from 2021. Based on data from 402 healthcare organizations, the report highlights ransomware’s growing financial toll on the industry.
In addition to rising costs, 57 per cent of healthcare institutions that paid ransoms ended up paying more than the initial demand, emphasizing the unpredictable nature of cyber extortion.
Sophos identified compromised credentials and exploited vulnerabilities as the leading causes of these attacks, each responsible for 34 per cent of incidents.
Once inside the system, cybercriminals often target backups to increase pressure on organizations. 95 per cent of healthcare organizations affected by ransomware in the past year reported attempts to compromise their backups.
Organizations whose backups were breached were twice as likely to pay the ransom to recover encrypted data, with 63 per cent opting to pay, compared to 27 per cent of organizations whose backups remained intact.
Insurance providers play a significant role in these ransom payments, contributing to 77 per cent of cases and covering 19 per cent of the total ransom amounts.
Sophos’ report underscores the escalating impact of ransomware on healthcare, offering insights into the full attack journey, from the root causes to the operational and financial aftermath.
The results for this sector survey report are part of a broader, vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024 across 14 countries and 15 industry sectors.
The report is based on the findings of an independent, vendor-agnostic survey commissioned by Sophos of 5,000 IT/cybersecurity leaders across 14 countries in the Americas, EMEA, and Asia Pacific, including 402 respondents from healthcare organizations.
All respondents represent organizations with between 100 and 5,000 employees. Research specialist Vanson Bourne was surveyed between January and February 2024, and participants were asked to respond based on their experiences over the previous year.
