Ransomware attacks targeting healthcare organisations have continued to increase in 2024, according to cybersecurity firm Sophos.
This is despite a general decline in ransomware incidents across most other sectors.
Sophos’ annual report, The State of Ransomware in Healthcare 2024, revealed that 67% of healthcare institutions globally were affected by ransomware this year, a rise from 60% the previous year.
This increase contrasts with the overall reduction in ransomware attacks across all industries, where the rate dropped from 66% in 2023 to 59% in 2024.
The report also identified worsening recovery times for healthcare providers.
In 2024, only 22% of healthcare organisations managed to restore operations within a week, compared to 47% in 2023. In contrast, 37% took more than a month to recover, up from 28% in the prior year.
This suggests that ransomware attacks are becoming more complex and difficult for healthcare organisations to recover from.
John Shier, Sophos’ field chief technology officer, explained that healthcare remains an attractive target for cybercriminals because of the sensitive nature of patient data.
“The highly sensitive nature of healthcare information and need for accessibility will always place a bullseye on the healthcare industry from cybercriminals. Unfortunately, cybercriminals have learned that few healthcare organisations are prepared to respond to these attacks, demonstrated by increasingly longer recovery times,” he said, as reported by IT Brief.
He added that the lengthy recovery times indicate that many healthcare providers remain unprepared to respond to these types of cyber threats effectively.
Sophos also highlighted the financial toll these attacks have had on the healthcare sector. The average recovery cost rose to US$2.57 million in 2024, up from US$2.2 million the year before.
Among the healthcare organisations that opted to pay a ransom, 57% reported paying more than what was initially demanded.
One particularly concerning finding is the increased targeting of backup systems. The report stated that cybercriminals attempted to compromise backups in 95% of ransomware attacks on healthcare organisations.
Organisations whose backups were successfully compromised were twice as likely to pay the ransom to regain access to their data as those that retained control over their backups.
Insurance providers continue to play a significant role in ransomware payments, with insurers contributing to the payment of ransoms in 77% of cases. In 19% of the cases, insurers covered a portion of the ransom.
The report’s conclusions are based on data from a global survey conducted between January and February 2024, which included 5,000 cybersecurity and IT professionals across 14 countries and 15 industries.
A separate study by Rubrik Zero Labs also confirmed the increased risks faced by healthcare organisations in managing and protecting data.
According to the Rubrik report, healthcare organisations now manage 22% more data than the global average, with sensitive records increasing by 63% over the past year. This growth in data volumes has exposed healthcare providers to greater risks from ransomware attacks, the report noted.
Rubrik’s study further revealed that the adoption of cloud technology is expanding within healthcare. By the end of 2023, 13% of healthcare data was stored in the cloud, an increase from 9% the previous year.
However, this shift to cloud-based and hybrid environments has not been without challenges. Cyberattacks have increasingly targeted these hybrid systems, affecting not only cloud storage but also on-premises systems and software-as-a-service (SaaS) platforms.