Findings from cybersecurity firm Sophos’ “The State of Ransomware in Healthcare 2022” report reveal a 94% increase in ransomware attacks on the organisations surveyed in the sector. In 2021, 66% of healthcare organisations were hit, compared with 34% the previous year. The silver lining, according to the survey, is that healthcare firms are getting better at dealing with the aftermath of ransomware attacks: 99% of those that were hit got back at least some of their data after cybercriminals encrypted it during the attacks.
Healthcare organisations had the second-highest average ransomware recovery costs, at $1.85 million, and took one week on average to recover from an attack. Of those organisations that paid a ransom, only 2% got all their data back. The report said 61% of attacks resulted in encryption, 4% less than the global average (65%).
John Shier, senior security expert at Sophos, said, “The data that healthcare entities harness is extremely sensitive and valuable, which makes it very attractive to attackers. In addition, the need for efficient and widespread access to this type of data means that typical two-factor authentication and zero trust defence tactics aren’t always feasible. Healthcare entities need to expand their anti-ransomware defences by combining security technology with human-led threat hunting to guard against today’s cyberattackers.”