Sophos publishes the results of the report “The State of Ransomware in Healthcare 2024”. The study shows that internationally, the number of ransomware attacks on healthcare organizations has reached a four-year high since 2021. Of the organizations surveyed, 67 percent were affected by ransomware attacks in the past year.
In 2023, this figure was 60 percent. The rising rate of ransomware attacks on healthcare organizations contrasts with the falling rate of ransomware attacks in all other industries; the overall cross-industry rate of ransomware attacks fell from 66 percent in 2023 to 59 percent in 2024.
In addition to the increasing frequency of ransomware attacks, the healthcare sector also reported longer recovery times. Only 22 percent of victims fully recovered from an attack within a week or less. This is a significant decrease from the 47 percent in 2023 and the 54 percent in 2022. In addition, 37 percent of facilities took more than a month to recover, up further from 28 percent in 2023. These figures reflect the fundamental increase in the severity and complexity of attacks.
“While the overall number of ransomware attacks has reached a sort of ‘homeostasis’ or even declined across industries in recent years, attacks on healthcare organizations continue to increase in both number and scale. The highly sensitive nature of healthcare data and the need for accessibility means that the healthcare industry is continually being targeted by cybercriminals,” said John Shier, Field CTO, Sophos.
“Unfortunately, they have learned that few healthcare organizations are well prepared for attacks, as evidenced by increasingly longer recovery times. As we’ve seen this year with major ransomware attacks on the healthcare industry, the impact of attacks can be immense and disrupt patient care.”
To stay one step ahead of attackers and resist, it’s imperative for healthcare organizations to take a proactive, human-led approach to threat detection and response, combining advanced technologies with continuous monitoring, Shier added.
Further results of the study are:
- Recovery costs for ransomware on the rise: The average cost of recovering from a healthcare ransomware attack was $2.57 million (approx. €2.3 million) in 2024, up from $2.2 million (approx. €1.97 million) in 2023 and actually doubling compared to 2021.
- Ransom demands versus payments: 57 percent of healthcare facilities that paid the ransom ended up paying more than the original demand.
- Main gateway for the attack: Compromised login data and exploited vulnerabilities were the main cause of all attacks, each accounting for 34 percent.
- Backups targeted: 95 percent of healthcare facilities affected by ransomware last year reported that cybercriminals attempted to compromise their backups during the attack.
- Increased pressure: Organizations whose backups were compromised were more than twice as likely to pay a ransom to recover the encrypted data (63 percent vs. 27 percent).
- Who pays the ransom: Insurance providers are heavily involved in ransomware payments, contributing in 77 percent of cases, and they finance 19 percent of total ransom payments.
About the study:
Sophos’ study examines ransomware incidents in the field across the entire victim journey, from attack rate and cause to operational impact and business outcomes in 402 healthcare organizations. The findings of this healthcare industry report are part of a comprehensive and independent study of 5,000 cybersecurity/IT executives conducted between January and February 2024 across 14 countries and 15 industries.
(vp/Sophos)