Ransomware strikes hit 2 in 3 healthcare firms

Ransomware attacks on healthcare organisations increased by 94 percent in 2021, with two in every three firms surveyed reporting incidents, according to Sophos.

The State of Ransomware in Healthcare 2022 report from Sophos covered 5,600 IT professionals, including 381 healthcare respondents, in organisations with 100 to 5,000 employees across 31 countries.

Findings show that 66% of healthcare organisations were hit in 2021 and 34% were hit the year before.

However, survey data also show that healthcare organisations are getting better at dealing with the aftermath of ransomware attacks.

Almost all (99%) of those healthcare organisations hit by ransomware got at least some of their data back after cybercriminals encrypted it during the attacks.

Healthcare organisations had the second-highest average ransomware recovery costs with $1.85 million, taking one week on average to recover from an attack.

Healthcare organisations pay the ransom most often (61%). Of those that did pay the ransom, only 2% got all their data back. Three in every five (61%) attacks resulted in data being encrypted.

Two in every three (67%) healthcare organisations think cyberattacks are more complex, based on their experience of how these changed over the last year.

John Shier, senior security expert at Sophos, said that the data that healthcare organisations harness is extremely sensitive and valuable, which makes it very attractive to attackers.

“The need for efficient and widespread access to this type of data – so that healthcare professionals can provide proper care – means that typical two-factor authentication and zero trust defense tactics aren’t always feasible,” said Shier. “This leaves healthcare organisations particularly vulnerable and, when hit, they may opt to pay a ransom to keep pertinent, often lifesaving, patient data accessible.”

More healthcare organisations (78%) are now opting for cyber insurance, but 93% of healthcare organisations with insurance coverage report finding it more difficult to get policy coverage in the last year.

With ransomware being the single largest driver of insurance claims, 51% reported that the level of cybersecurity needed to qualify is higher, putting a strain on healthcare organisations with lower budgets and fewer technical resources available.

Sophos experts recommend that all organisations install and maintain high-quality defenses across all points in the organisation’s environment. Firms should review security controls regularly and make sure they continue to meet the organisation’s needs.

Also, firms should harden the IT environment by searching for and closing key security gaps — unpatched devices, unprotected machines and open Remote Desktop Protocol ports. Extended Detection and Response (XDR) solutions are ideal for helping to close these gaps.

Further, organisations should make backups, and practice restoring from them so that the organisation can get back up and running as soon as possible, with minimum disruption.

Firms should proactively hunt for threats to identify and stop adversaries before they can execute their attack – if the team lacks the time or skills to do this in house, outsource to a Managed Detection and Response (MDR) specialist.