Healthcare ransomware attacks spike as other sectors see decline
Healthcare ransomware attacks spike as other sectors see decline | Insurance Business New Zealand
Cyber
Healthcare ransomware attacks spike as other sectors see decline
Cyber insurance companies and brokers could share findings with healthcare clients
Cyber
By
Roxanne Libatique
Ransomware attacks targeting healthcare organisations have continued to increase in 2024, according to cybersecurity firm Sophos.
This is despite a general decline in ransomware incidents across most other sectors.
Ransomware attacks in healthcare versus other industries
Sophos’ annual report, The State of Ransomware in Healthcare 2024, revealed that 67% of healthcare institutions globally were affected by ransomware this year, a rise from 60% the previous year.
This increase comes in contrast to the overall reduction in ransomware attacks across all industries, which dropped from 66% in 2023 to 59% in 2024.
Cyberattack recovery times for healthcare industry
The report also identified worsening recovery times for healthcare providers.
In 2024, only 22% of healthcare organisations managed to restore operations within a week, compared to 47% in 2023. In contrast, 37% took more than a month to recover, up from 28% in the prior year.
This suggests that ransomware attacks are becoming more complex and difficult for healthcare organisations to recover from.
“The highly sensitive nature of healthcare information and need for accessibility will always place a bullseye on the healthcare industry from cybercriminals. Unfortunately, cybercriminals have learned that few healthcare organisations are prepared to respond to these attacks, demonstrated by increasingly longer recovery times,” he said, as reported by IT Brief.
He added that the lengthy recovery times indicate that many healthcare providers remain unprepared to respond to these types of cyber threats effectively.
Cyberattacks’ financial impact on healthcare industry
Sophos also highlighted the financial toll these attacks have had on the healthcare sector. The average recovery cost rose to US$2.57 million in 2024, up from US$2.2 million the year before.
Among the healthcare organisations that opted to pay a ransom, 57% reported paying more than what was initially demanded.
Cybercriminals target healthcare organisations’ backup systems
One particularly concerning finding is the increased targeting of backup systems. The report stated that cybercriminals attempted to compromise backups in 95% of ransomware attacks on healthcare organisations.
Those whose backups were successfully compromised were twice as likely to pay the ransom to regain access to their data compared to those who retained control over their backups.
Insurance providers continue to play a significant role in ransomware payments, with insurers contributing to the payment of ransoms in 77% of cases. In 19% of the cases, insurers covered a portion of the ransom.
The report’s conclusions are based on data from a global survey conducted between January and February 2024, which included 5,000 cybersecurity and IT professionals across 14 countries and 15 industries.
Increased risks facing healthcare industry
A separate study by Rubrik Zero Labs also confirmed the increased risks faced by healthcare organisations in managing and protecting data.
Rubrik’s study further revealed that the adoption of cloud technology is expanding within healthcare. By the end of 2023, 13% of healthcare data was stored in the cloud, an increase from 9% the previous year.
However, this shift to cloud-based and hybrid environments has not been without challenges. Cyberattacks have increasingly targeted these hybrid systems, affecting not only cloud storage but also on-premises systems and software-as-a-service (SaaS) platforms.
Related Stories
Keep up with the latest news and events
Join our mailing list, it’s free!
