Survey: Healthcare Organizations Struggle to Recover Quickly From Ransomware
A global survey of healthcare IT executives found that 44 percent of healthcare organizations that suffered an attack in the last year took up to a week to recover from the most significant attack, and 25 percent of them took up to one month.
The State of Ransomware in Healthcare 2022 survey from cybersecurity solutions provider Sophos polled 5,600 IT professionals from 31 countries, including 381 in healthcare. In the survey, 66 percent in healthcare said their organization was hit by ransomware in 2021 compared to 34 percent who responded to the survey the previous year.
Among the report’s other troubling findings are that healthcare organizations are more likely to pay the ransom than those in other fields, with 61 percent of organizations paying the ransom to get encrypted data back. Healthcare organizations that paid the ransom got back only 65 percent of their data in 2021, down from 69 percent in 2020; furthermore, only 2 percent of those that paid the ransom in 2021 got all their data back, down from 8 percent in 2020, the report said.
The survey report said that the silver lining is that healthcare organizations are getting better at dealing with the aftermath of ransomware attacks. The report shows that 99 percent of those healthcare organizations hit by ransomware got at least some of their data back after cybercriminals encrypted it during the attacks.
More healthcare organizations (78 percent) are now opting for cyber insurance, but 93 percent of healthcare organizations with insurance coverage report finding it more difficult to get policy coverage in the last year. With ransomware being the single largest driver of insurance claims, 51 percent reported that the level of cybersecurity needed to qualify is higher, putting a strain on healthcare organizations with lower budgets and fewer technical resources available.
“Ransomware in the healthcare space is more nuanced than other industries in terms of both protection and recovery,” said John Shier, senior security expert at Sophos, in a statement accompanying the release of the data. “The data that healthcare organizations harness is extremely sensitive and valuable, which makes it very attractive to attackers. In addition, the need for efficient and widespread access to this type of data – so that healthcare professionals can provide proper care – means that typical two-factor authentication and zero trust defense tactics aren’t always feasible. This leaves healthcare organizations particularly vulnerable, and when hit, they may opt to pay a ransom to keep pertinent, often lifesaving, patient data accessible. Due to these unique factors, healthcare organizations need to expand their anti-ransomware defenses by combining security technology with human-led threat hunting to defend against today’s advanced cyberattackers.”
Additional ransomware findings from the Sophos survey data for the healthcare sector include:
- Healthcare organizations had the second-highest average ransomware recovery costs with $1.85 million, taking one week on average to recover from an attack
- 67 percent of healthcare organizations think cyberattacks are more complex, based on their experience of how cyberattacks changed over the last year; the healthcare sector had the highest percentage
- While healthcare organizations pay the ransom most often (61 percent), they’re paying the lowest average ransoms, $197,000, compared with the global average of $812,000 (across all sectors in the survey)
- Of those organizations that paid the ransom, only 2 percent got all their data back
- 61 percent of attacks resulted in encryption, 4 percent less than the global average (65 percent)