Ransomware attacks on healthcare organisations rose 94% in 2021, and recovering systems after an attack now costs about $1.85 million on average, a new study has revealed.
A new report by cybersecurity firm Sophos claims that healthcare is the second most attacked sector, behind only manufacturing. The sharp increase in ransomware attacks on healthcare systems is also driving a spike in providers in this sector paying the ransom demand, it added.
The report titled, “The State of Ransomware in Healthcare 2022” revealed a 94% increase in ransomware attacks on the organisations surveyed in the healthcare sector. In 2021, 66% of healthcare organisations were hit while 34% were hit the previous year.
The Sophos survey covered 5,600 IT professionals, including 381 healthcare respondents, at mid-sized organisations across 31 countries, including India, and was conducted during the first two months of 2022. It showed that healthcare organisations are the most likely of any industry to pay ransom demands.
“Ransomware in the healthcare space is more nuanced than other industries in terms of both protection and recovery,” said John Shier, senior security expert at Sophos. “The data that healthcare organisations harness is extremely sensitive and valuable, which makes it very attractive to attackers,” he added.
The report comes on the heels of the annual Verizon Data Breach Investigations Report, which highlighted an increase in both high-impact ransomware campaigns and run-of-the-mill hacking attacks against healthcare, alongside a rise in data leaks by threat groups.
The Sophos data further showed that the share of provider organisations paying a ransom after falling victim to an attack almost doubled last year: 61% of healthcare respondents admitted to paying the ransom, 15 percentage points higher than the figure across other sectors.
“The highest increase in the volume and complexity of attacks on healthcare as compared to all other sectors is a likely reason behind their high propensity to pay and overcome their limited preparedness in dealing with such attacks,” Shier said.
The high remediation costs in healthcare stem from its lack of cybersecurity expertise, the growing number of medical internet of things (IoT) devices, poorly maintained legacy systems, and operational impacts, “which leads to an inability to quickly remediate vulnerable systems,” he added.
Notably, despite the high rate of ransom payments in healthcare, the sector paid the least to attackers. The report confirms that threat groups may be targeting healthcare more frequently, but the demands are lower, averaging $197,000 per ransom. In fact, more than half of the ransoms paid were less than $50,000.
The researchers also noted that these low payments likely reflect “the constrained finances of many healthcare organisations.” In fact, just three healthcare respondents said their organisation paid $1 million or more in ransom.
Nonetheless, the average ransom paid by healthcare entities still increased by 33% in 2021, and the proportion of victims paying ransoms of $1 million or more almost tripled.
The report also showed gaps in cyber insurance coverage: approximately 25% of healthcare providers don’t have cyber insurance, and of those that do, about half said that “there are exclusions or exceptions in their policies,” the study said.