Rise in healthcare ransomware attacks despite overall decline
Sophos has released its annual sector survey report, "The State of Ransomware in Healthcare 2024," which reveals a notable increase in ransomware attacks on healthcare organisations.
According to the report, 67% of healthcare organisations were affected by ransomware in 2024, up from 60% in 2023, representing a four-year high. This surge in attacks on healthcare contrasts with the overall decline in ransomware incidents across all sectors, which fell from 66% in 2023 to 59% in 2024.
The report highlights a concerning trend of longer recovery times for healthcare organisations following ransomware attacks. In 2024, only 22% of healthcare institutions were able to fully recover within a week, a significant drop from 47% in the previous year. Additionally, 37% took more than a month to recover, an increase from 28% in 2023, illustrating the growing complexity and severity of these cyberattacks.
John Shier, field CTO at Sophos, commented on the findings, stating, "While we've seen the rate of ransomware attacks reach a kind of 'homeostasis' or even decline across industries, attacks against healthcare organisations continue to intensify, both in number and scope. The highly sensitive nature of healthcare information and need for accessibility will always place a bullseye on the healthcare industry from cybercriminals. Unfortunately, cybercriminals have learned that few healthcare organisations are prepared to respond to these attacks, demonstrated by increasingly longer recovery times. These attacks can have immense ripple effects, as we've seen this year with major ransomware attacks impacting the healthcare industry and impacting patient care."
Shier emphasised the need for a proactive approach to cybersecurity, saying, "To combat these determined adversaries, healthcare organizations must adopt a more proactive, human-led approach to threat detection and response, combining advanced technology with continuous monitoring to stay ahead of attackers."
Additional key findings from the report include:
- The average cost of recovery from a healthcare ransomware attack increased to USD $2.57 million in 2024, up from USD $2.2 million in 2023 and double the amount recorded in 2021.
- 57% of healthcare institutions that paid the ransom ended up paying more than the original demand.
- Compromised credentials and exploited vulnerabilities were the top two root causes, each accounting for 34% of attacks.
- A staggering 95% of healthcare organisations hit by ransomware indicated that cybercriminals attempted to compromise their backups during the attack.
- Organisations whose backups were compromised were more than twice as likely to pay the ransom to recover encrypted data, with 63% of such cases resulting in a ransom payment compared to 27% among those whose backups remained intact.
- Insurance providers play a significant role in ransom payments: insurers contributed in 77% of cases, and 19% of total ransom payment funding came from them.
The latest Sophos report aims to shed light on the real-world experiences of healthcare organisations dealing with ransomware. It explores various aspects such as the attack rate, root causes, operational impact, and business outcomes. The findings are based on a broader survey of 5,000 cybersecurity and IT leaders across 14 countries and 15 industry sectors, conducted between January and February 2024.