Despite the declining rate of ransomware attacks globally, the healthcare sector appears to be witnessing an exponential increase, as reports indicate that attacks against healthcare companies hit a four-year high. This was revealed by Sophos, a global leader in innovative security solutions for defeating cyberattacks, in its sector survey report titled “The State of Ransomware in Healthcare 2024”.
According to the report, two-thirds (67 per cent) of the organizations surveyed were impacted by ransomware attacks in the past year, up from 60 per cent in 2023. This is in sharp contrast with the declining rate of ransomware attacks across other sectors, with the overall rate falling from 66 per cent in 2023 to 59 per cent in 2024.
Not only is there a worrying increase in the rate of ransomware attacks, but the healthcare sector has also witnessed longer recovery times. Of all the victims, only 22 per cent fully recovered in a week or less, a considerable drop from the 47 per cent reported in 2023 and 54 per cent in 2022.
In addition, 37 per cent of them said it took them more than a month to recover. This is up from 28 per cent recorded in 2023, reflecting the increased severity and complexity of attacks.
Commenting on the survey report, Field CTO at Sophos, John Shier, noted that the increasing level of attacks against healthcare organisations and the lengthening recovery times point to the fact that cybercriminals now know that many healthcare organisations are not prepared to respond to these attacks.
“While we’ve seen the rate of ransomware attacks reach a kind of ‘homeostasis’ or even declining across industries, attacks against healthcare organizations continue to intensify, both in number and scope. The highly sensitive nature of healthcare information and need for accessibility will always place a bullseye on the healthcare industry from cybercriminals. Unfortunately, cybercriminals have learned that few healthcare organizations are prepared to respond to these attacks, demonstrated by increasingly longer recovery times,” he said.
He also noted that the attacks can have immense ripple effects, as seen this year with major ransomware attacks hitting the healthcare industry and affecting patient care.
More from the healthcare ransomware report
Aside from the increasing spate of attacks and the longer recovery times for health companies, the survey report also revealed other important findings. For one, ransomware recovery costs have surged, with the mean cost of recovery from an attack hitting $2.57 million in 2024. This is up from $2.2 million in 2023 and double the 2021 cost.
Still on ransom payments, many organisations appear to have paid more than the cybercriminals demanded of them: 57 per cent of healthcare institutions that admitted to paying the ransom ended up paying more than the original demand.
On the root cause of attacks, the report revealed that compromised credentials and exploited vulnerabilities were tied as the number one root cause, each accounting for 34 per cent of attacks.
Cybercriminals are not just targeting databases but also their backups: 95 per cent of healthcare organizations hit by ransomware in the past year said that the cybercriminals also attempted to compromise their backups during the attack.
Successfully compromising a backup is a major goal in itself, as it heaps increased pressure on the organisation. According to the report, organizations whose backups were compromised were more than twice as likely to pay the ransom to recover encrypted data: 63 per cent of organisations with compromised backups paid the ransom, as against 27 per cent of those whose primary database alone was attacked.
Finally, most of these organisations apparently do not fund their ransom payments entirely themselves. The Sophos report suggests that insurance providers are heavily involved in ransom payments, contributing in 77 per cent of cases, and that 19 per cent of total ransom payment funding comes from insurance providers.
“To combat these determined adversaries, healthcare organizations must adopt a more proactive, human-led approach to threat detection and response, combining advanced technology with continuous monitoring to stay ahead of attackers,” Field CTO at Sophos, John Shier, advised.