Ransomware Attacks on Healthcare Organizations Increased 94% in 2021, According to Sophos Global Survey

Sophos Press Release

OXFORD, U.K. – June 1, 2022 – Sophos, a global leader in next-generation cybersecurity, has published a new sectoral survey report, “The State of Ransomware in Healthcare 2022.” The findings reveal a 94% increase in ransomware attacks on the organizations surveyed in this sector. In 2021, 66% of healthcare organizations were hit; 34% were hit the previous year.

The silver lining, however, is that healthcare organizations are getting better at dealing with the aftermath of ransomware attacks, according to the survey data. The report shows that 99% of those healthcare organizations hit by ransomware got at least some their data back after cybercriminals encrypted it during the attacks.

Additional ransomware findings for the healthcare sector include:

  • Healthcare organizations had the second-highest average ransomware recovery costs with $1.85 million, taking one week on average to recover from an attack
  • 67% of healthcare organizations think cyberattacks are more complex, based on their experience of how cyberattacks have changed over the last year; the healthcare sector had the highest percentage
  • While healthcare organizations pay the ransom most often (61%), they’re paying the lowest average ransoms, $197,000, compared with the global average of $812,000 (across all sectors in the survey)
  • Of those organizations that paid the ransom, only 2% got all their data back
  • 61% of attacks resulted in encryption, 4% less than the global average (65%)

“Ransomware in the healthcare space is more nuanced than other industries in terms of both protection and recovery,” said John Shier, senior security expert at Sophos. “The data that healthcare organizations harness is extremely sensitive and valuable, which makes it very attractive to attackers. In addition, the need for efficient and widespread access to this type of data – so that healthcare professionals can provide proper care – means that typical two-factor authentication and zero trust defense tactics aren’t always feasible. This leaves healthcare organizations particularly vulnerable, and when hit, they may opt to pay a ransom to keep pertinent, often lifesaving, patient data accessible. Due to these unique factors, healthcare organizations need to expand their anti-ransomware defenses by combining security technology with human-led threat hunting to defend against today’s advanced cyberattackers.”

More healthcare organizations (78%) are now opting for cyber insurance, but 93% of healthcare organizations with insurance coverage report finding it more difficult to get policy coverage in the last year. With ransomware being the single largest driver of insurance claims, 51% reported the level of cybersecurity needed to qualify is higher, putting a strain on healthcare organizations with lower budgets and less technical resources available.

In the light of the survey findings, Sophos experts recommend the following best practices for all organizations across all sectors:

  • Install and maintain high-quality defenses across all points in the organization’s environment. Review security controls regularly and make sure they continue to meet the organization’s needs
  • Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open Remote Desktop Protocol ports. Extended Detection and Response (XDR) solutions are ideal for helping to close these gaps
  • Make backups, and practice restoring from them so that the organization can get back up and running as soon as possible, with minimum disruption
  • Proactively hunt for threats to identify and stop adversaries before they can execute their attack – if the team lacks the time or skills to do this in house, outsource to a Managed Detection and Response (MDR) specialist
  • Prepare for the worst. Know what to do if a cyber incident occurs and keep the plan updated

The State of Ransomware in Healthcare 2022” report is available on Sophos.com.  

The State of Ransomware in Healthcare 2022 survey polled 5,600 IT professionals, including 381 healthcare respondents, in mid-sized organizations (100-5,000 employees) across 31 countries.

关于 Sophos

Sophos 是全球下一代网络安全领导者,保护 150 多个国家 500,000 多家企业和数以百万的消费者抵御当前最高级的网络威胁。在 SophosLabs 和 SophosAI 的威胁情报、AI 及机器学习的大力支持下,Sophos 提供多种先进产品和服务,保护用户、网络和端点防范勒索软件、恶意软件、漏洞攻击、网络钓鱼以及各种其他网络攻击。Sophos 提供单个集成云管理控制台 Sophos Central,作为自适应网络安全生态体系的核心,具有中央数据湖,为客户、合作伙伴、开发人员和其他网络安全供应商提供丰富的开放 API。Sophos 通过世界给的的经销商合作伙伴和托管服务提供商 (MSP) 销售产品和服务。Sophos 总部位于英国牛津。如欲了解更多信息,请访问 www.sophos.com