3 min Security

Healthcare industry increasingly popular target for ransomware criminals

Two-thirds of healthcare organizations were affected last year

Healthcare industry increasingly popular target for ransomware criminals

Healthcare organizations have faced a record number of ransomware attacks in the past year. As many as 67 percent of these were affected by such attacks, a significant increase from the 60 percent in 2023, which was already a significant number.

This is in stark contrast to other sectors, where the rate of ransomware attacks actually dropped by several percent. So says the latest version of State of Ransomware in Healthcare, an annual, global survey by cybersecurity specialist Sophos. To make matters worse, the impact of such attacks is more severe than ever. Only 22 percent of affected organizations recovered within a week, down from 47 percent in 2023 and 54 percent the year before.

Of the affected institutions, 37 percent needed more than a month to get up and running again. The average recovery cost also rose sharply to 2.57 million dollars (2.34 million euros) in 2024, compared with 2.2 million (over 2 million euros) in 2023 and more than doubling since 2021.

Healthcare appears to be a ‘soft target’ with many vulnerabilities. Cybercriminals are targeting this sector because of the sensitive nature of the information and the need for stakeholders to have quick and immediate access to data. John Shier, field CTO at Sophos, points to the long recovery times as an indication that many healthcare organizations are not well prepared.

More proactive attitude desired

“These attacks can have a huge domino effect, as we have seen this year with major ransomware attacks impacting healthcare and patient care.” Shier believes that healthcare organizations should take a more proactive approach to detecting and responding to threats.

Somewhat going against the AI-infused grain, he advocates for human expertise first and foremost in this matter. Advanced technology has its place, but with flesh-and-blood people at the controls and ‘combined with constant monitoring to stay ahead of attackers’.

As many as 34 percent of attacks result from compromised credentials and exploited vulnerabilities. These two vulnerabilities share first place as the cause of many attacks. Cybercriminals also routinely tamper with healthcare organizations’ backup systems.

Nearly all affected organizations (95 percent) regretted reporting that their backups had been compromised during an attack. As a result, organisations were more willing to pay for getting their stolen or encrypted data back.

Insurer often pays the ransom

In more than three-quarters of those cases, the insurer coughed up the ransom, which of course impacts premiums. In addition, 57 percent of the healthcare organizations that paid up, actually paid more than the initial demand.

Sophos’ survey was conducted among over 5,000 IT decision-makers and cybersecurity specialists from healthcare and other industries. To easily compare Sophos’ annual surveys, the company always names them after the year the report is published. In this case, that’s 2024, although many respondents also shared their experiences from the previous year.

Read also: Amount paid in ransomware attacks five times bigger than last year