Global healthcare organizations (HCOs) experienced a 94% year-on-year surge in ransomware attacks last year, with almost twice as many electing to pay their extorters, according to new data from Sophos.
The security vendor commissioned Vanson Bourne to compile its report, The State of Ransomware in Healthcare 2022, from interviews with 381 IT pros in 31 countries.
It revealed that two-thirds of HCOs were hit by ransomware last year, up from just a third in 2020. Sophos claimed this surge was down to the popularity of ransomware-as-a-service on the cybercrime underground.
However, it could also be a result of the increased willingness of HCOs to pay their attackers. Some 61% paid a ransom in 2021, up from just 34% a year previously.
Sophos claimed that the high cost of remediation, and the impact of operational outages, coupled with the increased sophistication of attacks on the sector could explain this jump. Just 2% of respondents paid a ransom and got all their data back.
“The increase in successful ransomware attacks is part of an increasingly challenging broader threat environment which has affected healthcare more than any other sector,” the report noted.
“Healthcare saw the highest increase in volume of cyber-attacks (69%) as well as the complexity of cyber-attacks (67%) compared to the cross-sector average of 57% and 59% respectively. In terms of the impact of these cyber-attacks, healthcare was the second most affected sector (59%) compared to the global average of 53%.”
Perhaps unsurprisingly, HCOs hit by ransomware recorded a major impact to their business: 94% said it impaired their ability to operate and 90% that it caused loss of revenue. On average, it took victim organizations one week to recover.
The problem is exacerbated by the fact that many HCOs are finding it more difficult to obtain cyber-insurance. Only 78% are covered versus 83% across all sectors.
However, this is forcing improvements in baseline security: 97% of respondents claimed to have made changes to their cyber-defenses as a result of hardening insurance demands.