The rate of ransomware attacks targeting healthcare organizations has reached an alarming peak in 2024, marking a four-year high, according to a report by Sophos.
The survey, titled “The State of Ransomware in Healthcare 2024,” reveals that 67% of healthcare institutions were impacted by ransomware in the past year, an increase from 60% in 2023.
This rise in attacks contrasts with a downward trend across other sectors, where the overall ransomware rate fell from 66% in 2023 to 59% in 2024.
Extended Recovery Times
One of the most concerning findings in the report is the significant increase in recovery times following ransomware attacks. Only 22% of healthcare organizations were able to recover fully within a week, a sharp decline from the 47% recorded in 2023 and 54% in 2022.
A staggering 37% of organizations took over a month to recover, up from 28% the previous year. These prolonged recovery times highlight the growing complexity and severity of ransomware attacks on the healthcare sector.
John Shier, field CTO at Sophos, commented, “While we’ve seen the rate of ransomware attacks reach a kind of homeostasis or even declining across industries, attacks against healthcare organizations continue to intensify both in number and scope. The highly sensitive nature of healthcare information and the need for accessibility will always place a bullseye on the healthcare industry from cybercriminals.”
Shier emphasized the importance of healthcare organizations adopting a proactive approach to threat detection and response.
“To combat these determined adversaries, healthcare organizations must adopt a more proactive human-led approach to threat detection and response, combining advanced technology with continuous monitoring to stay ahead of attackers,” he added.
Soaring Ransom Recovery Costs
The financial burden of ransomware attacks on healthcare organizations is also on the rise. The report found that the average cost of recovery in a ransomware attack rose to $2.57 million in 2024, up from $2.2 million in 2023.
This figure is double the cost recorded in 2021, further demonstrating the escalating financial implications for the healthcare sector.
Despite the high costs of recovery, many healthcare institutions are still paying the ransom to regain access to their encrypted data.
The survey reveals that 57% of organizations that paid the ransom ended up paying more than the original demand. The growing pressure to pay ransoms is partly due to the successful targeting of backups by cybercriminals.
Root Causes of Attacks
Compromised credentials and exploited vulnerabilities were identified as the leading causes of ransomware attacks, each accounting for 34% of incidents.
The report highlights the critical need for healthcare organizations to strengthen their cybersecurity measures to mitigate these common vulnerabilities.
Backup Targeting and Increased Pressure
A staggering 95% of healthcare organizations hit by ransomware in the past year reported that cybercriminals attempted to compromise their backups.
The report also reveals that organizations whose backups were compromised were more than twice as likely to pay the ransom to recover their data, with 63% of such organizations paying up, compared to 27% of those whose backups were not affected.
Insurance Providers and Ransom Payments
Insurance providers are playing an increasingly significant role in ransomware payments. According to the report, insurance companies contributed to ransom payments in 77% of cases, with 19% of total ransom payments being funded directly by insurance providers.
This trend raises questions about the role of cyber insurance in perpetuating ransomware attacks, as attackers may be emboldened by the knowledge that insurance providers are likely to cover the ransom.
Conclusion
The 2024 Sophos report underscores the growing threat of ransomware to healthcare organizations and the urgent need for these institutions to adopt more robust cybersecurity measures.
From increasing recovery times and escalating costs to the targeting of backups and reliance on insurance providers, healthcare organizations must be proactive in their defense against ransomware.
Cybercriminals are showing no signs of relenting, and the consequences for the healthcare sector—and patient care—are becoming ever more severe.