Ransomware attacks on healthcare increased 94% in 2021
New research has revealed a 94% increase in ransomware attacks on the organisations within the healthcare sector during 2021.
The State of Ransomware in Healthcare 2022 report from Sophos found that in 2021, 66% of healthcare organisations were hit; 34% were hit the previous year.
The silver lining, however, is that healthcare organisations are getting better at dealing with the aftermath of ransomware attacks, according to the survey data. The report shows that 99% of those healthcare organisations hit by ransomware got at least some their data back after cybercriminals encrypted it during the attacks.
Additional ransomware findings for the healthcare sector include:
- Healthcare organisations had the second-highest average ransomware recovery costs with $1.85 million, taking one week on average to recover from an attack
- 67% of healthcare organisations think cyberattacks are more complex, based on their experience of how cyberattacks changed over the last year; the healthcare sector had the highest percentage
- While healthcare organisations pay the ransom most often (61%), they are paying the lowest average ransoms, $197,000, compared with the global average of $812,000 (across all sectors in the survey)
- Of those organisations that paid the ransom, only 2% got all their data back
- 61% of attacks resulted in encryption, 4% less than the global average (65%)
"Ransomware in the healthcare space is more nuanced than other industries in terms of both protection and recovery," says John Shier, senior security expert at Sophos.
"The data that healthcare organisations harness is extremely sensitive and valuable, which makes it very attractive to attackers.
"In addition, the need for efficient and widespread access to this type of data so that healthcare professionals can provide proper care means that typical two-factor authentication and zero trust defense tactics aren't always feasible," he says.
"This leaves healthcare organisations particularly vulnerable, and when hit, they may opt to pay a ransom to keep pertinent, often lifesaving, patient data accessible. Due to these unique factors, healthcare organisations need to expand their anti-ransomware defenses by combining security technology with human-led threat hunting to defend against todays advanced cyberattackers."
More healthcare organisations (78%) are now opting for cyber insurance, but 93% of healthcare organisations with insurance coverage report finding it more difficult to get policy coverage in the last year. With ransomware being the single largest driver of insurance claims, 51% reported the level of cybersecurity needed to qualify is higher, putting a strain on healthcare organisations with lower budgets and less technical resources available.
In the light of the survey findings, Sophos experts recommend the following best practices for all organisations across all sectors:
- Install and maintain high-quality defenses across all points in the organisations environment. Review security controls regularly and make sure they continue to meet the organisations needs
- Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open Remote Desktop Protocol ports. Extended Detection and Response (XDR) solutions are ideal for helping to close these gaps
- Make backups, and practice restoring from them so that the organisation can get back up and running as soon as possible, with minimum disruption
- Proactively hunt for threats to identify and stop adversaries before they can execute their attack if the team lacks the time or skills to do this in house, outsource to a Managed Detection and Response (MDR) specialist
- Prepare for the worst. Know what to do if a cyber incident occurs and keep the plan updated