Ransomware-related incidents have increased globally, affecting organizations across various sectors. Healthcare organizations have become the major target of ransomware attacks. Cybersecurity firm Sophos has released a survey report named The State of Ransomware in Healthcare 2024, revealing that the rate of ransomware attacks against healthcare companies has reached its highest level in the four years since 2021.
In 2024, 67% of healthcare organizations were hit by ransomware attacks, up from 60% in 2023, 60% in 2022 and 34% in 2021.
Recovery times in the healthcare sector are getting longer. 22% of ransomware targets fully recovered within a week, a notable drop from the 47% reported in 2023 and 54% in 2022.
37% took more than a month to recover, up from 28% in 2023, reflecting the increased severity and complexity of attacks.
The mean recovery cost in a healthcare ransomware attack was $2.57 million in 2024, up from $2.2 million in 2023 and double the cost in 2021.
57% of healthcare companies that paid the ransom paid more than the original demand.
Compromised credentials and exploited vulnerabilities were tied as the number one root cause of attacks, each accounting for 34% of attacks.
95% of healthcare companies hit by ransomware in the past year said that cyber attackers attempted to compromise their data backups during the attack.
Organizations with compromised backups were more than twice as likely to pay the ransom to recover encrypted data (63% vs. 27%).
Insurance providers are involved in ransom payments, contributing to 77% of cases. 19% of total ransom payment funding comes from insurance providers.
To read the full report, see The State of Ransomware in Healthcare 2024.
John Shier, field CTO of Sophos, said, “The highly sensitive nature of healthcare data information and need for accessibility will always place a bullseye on the healthcare industry from cyber criminals. These attacks can have immense ripple effects, as we’ve seen this year, with major ransomware attacks impacting the healthcare industry and impacting patient care. To combat these determined adversaries, healthcare organizations must adopt a more proactive, human-led approach to threat detection and response, combining advanced technology with continuous monitoring to stay ahead of attackers.”
Root Causes of the Attacks in Healthcare
All healthcare companies hit by ransomware managed to find the root cause of the attack. In 2024, exploited vulnerabilities and compromised credentials were the most common entry methods for ransomware attacks in healthcare organizations, followed by malicious emails, which were the root cause of 19% of attacks.