More than a third of healthcare organizations affected by ransomware last year, report finds

Dive brief:

  • More than a third of healthcare facilities were affected by a ransomware attack in 2020 and among them, 65% said cybercriminals had successfully encrypted their data, according to a report from cybersecurity firm Sophos.
  • The report also found that around a third of the organizations that had data stolen paid the ransom to recover their information, but on average, only 69% of the encrypted data was restored after the ransom was paid.
  • The average cost of recovering from a ransomware attack was almost $1.3 million, among the lowest of any industry studied in the report.

Dive overview:

Ransomware is a type of malware that encrypts a victim’s files, making them inaccessible to their owner, unless a ransom is paid to decrypt them.

Sophos commissioned independent research firm Vanson Bourne to survey 5,400 IT decision-makers from various industries around the world earlier this year, including more than 300 small and medium-sized healthcare companies.

The report found that ransomware was relatively prevalent in the healthcare industry, with 34% of organizations affected by such an attack in the past year. Of those who were not affected, 41% said they expected an attack in the future, while only 24% said they felt safe from future attacks.

Healthcare has done quite well compared to other sectors. The global average of organizations attacked was 37%, with the retail and education sectors experiencing the highest rate of ransomware attacks at 44%.

“With healthcare often making the headlines for ransomware attacks, it is perhaps a good surprise that this industry has a lower than average number of attacks,” the report said. “Their overrepresentation in reporting is likely due to the obligations of healthcare organizations to publicize an attack, where many commercial organizations are able to keep bad news private.”

But despite the lower prevalence of attacks, healthcare is less able to stop ransomware than other industries, Sophos found. The success rate of attackers in encrypting health data was 65%, compared to a global average of 54%, likely due to financial and resource challenges in health IT. Teams are generally understaffed and have been particularly stressed during the coronavirus pandemic.

Additionally, healthcare facilities are among the most likely to pay a ransom to recover their data, possibly worried about the continuity of care for their patients and the lack of backups. Some 34% of those surveyed whose data was encrypted said they paid to retrieve it, compared to a cross-industry average of 32%.

However, paying a ransom does not guarantee that the data will be recovered, which is one of the reasons why giving in to ransom demands is strongly discouraged by the federal government and cybersecurity experts. Organizations that paid the ransom received on average only 65% of their data, while another third remained inaccessible.

The average ransom payment for healthcare was around $131,000, lower than the global average. Healthcare also had the lowest overall cost of recovering from a ransomware attack of any industry, at $1.27 million for items such as downtime, lost hours, device and network costs, and the ransom itself. In comparison, the cross-industry average is $1.85 million.

While healthcare appears to be doing relatively well compared to other industries when it comes to ransomware attacks in particular, the industry faces a number of unique challenges related to its outdated infrastructure, including underfunded IT departments and legacy medical devices with few or no cybersecurity features. Less than half of healthcare facilities met national cybersecurity standards in 2019, even as cyber attacks become increasingly complex.

The percentage of organizations across industries affected by ransomware in 2020 has fallen compared to 2019, according to Sophos. This is a good sign, but it may indicate that attacker behavior is shifting towards smaller-scale, more targeted attacks, which have higher damage potential.

As a result, the report called on healthcare companies to invest more in cybersecurity in the future.
