Sophos, a global leader in cybersecurity, has published a new sectoral survey report, “The State of Ransomware in Healthcare 2022.” The findings reveal that ransomware attacks on health organizations almost doubled from 34% in 2020 to 66% in 2021.
The survey polled 5,600 IT professionals, including 381 healthcare respondents, in mid-sized organizations (100-5,000 employees) across 31 countries. The silver lining, however, is that healthcare organizations are getting better at dealing with the aftermath of ransomware attacks, according to the survey data. The report shows that 99% of those healthcare organizations hit by ransomware got at least some of their data back after cybercriminals encrypted it during the attacks. However, those healthcare organizations that paid the ransom got back only 65% of their data in 2021, down from 69% in 2020; furthermore, only 2% of those that paid the ransom in 2021 got all their data back, down from 8% in 2020.
Additional findings from the report include:
• Healthcare is most likely to pay the ransom, ranking first with 61% of organizations paying the ransom to get encrypted data back, compared with the global average of 46%; this is almost double the 34% who paid the ransom in 2020.
• However, healthcare pays the least ransom amount: US$197,000 was the ransom amount paid by healthcare in 2021 compared with the global average of $812,000.
• Healthcare organizations had the second-highest average ransomware recovery costs with $1.85 million, taking one week on average to recover from an attack.
The report also revealed that the growing rate of ransomware attacks in healthcare reflects the success of the ransomware-as-a-service model, which significantly extends the reach of ransomware by reducing the skill level required to deploy an attack. Most healthcare organizations are choosing to reduce the financial risk associated with such attacks by taking cyber insurance. However, there is relatively low cyber insurance coverage in healthcare with the report finding that only 78% of healthcare organizations have cyber insurance coverage compared with the global average of 83%.
Although more healthcare organizations are now opting for cyber insurance, the vast majority of them (93%) with insurance coverage report finding it more difficult to get policy coverage in the last year.
With ransomware being the single largest driver of insurance claims, 51% reported the level of cybersecurity needed to qualify is now higher, putting a strain on healthcare organizations with lower budgets and fewer technical resources.
“Ransomware in the healthcare space is more nuanced than other industries in terms of both protection and recovery,” explained John Shier, senior security expert at Sophos. “The data that healthcare organizations harness is extremely sensitive and valuable, which makes it very attractive to attackers. In addition, the need for efficient and widespread access to this type of data – so that healthcare professionals can provide proper care – means that typical two-factor authentication and zero trust defense tactics aren’t always feasible. This leaves healthcare organizations particularly vulnerable, and when hit, they may opt to pay a ransom to keep pertinent, often lifesaving, patient data accessible. Due to these unique factors, healthcare organizations need to expand their anti-ransomware defenses by combining security technology with human-led threat hunting to defend against today’s advanced cyberattackers.”
In the light of the survey findings, Sophos experts recommend the following best practices for all organizations across all sectors:
• Install and maintain high-quality defenses across all points in the organization’s environment. Review security controls regularly and make sure they continue to meet the organization’s needs.
• Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open Remote Desktop Protocol ports. Extended Detection and Response (XDR) solutions are ideal for helping to close these gaps.
• Make backups, and practice restoring from them so that the organization can get back up and running as soon as possible, with minimum disruption.
• Proactively hunt for threats to identify and stop adversaries before they can execute their attack – if the team lacks the time or skills to do this in house, outsource to a Managed Detection and Response (MDR) specialist.
• Prepare for the worst. Know what to do if a cyber incident occurs and keep the plan updated.
Sophos, headquartered in Oxford, UK, protects more than 500,000 organizations and millions of consumers in more than 150 countries from the most advanced cyberthreats. www.sophos.com.