IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
Cybersecurity
#
Cybercriminals
#
Healthcare

Rise in healthcare ransomware attacks despite overall decline

Today
Author image
By Shannon Williams, Journalist

Sophos has released its annual sector survey report, "The State of Ransomware in Healthcare 2024," which reveals a notable increase in ransomware attacks on healthcare organisations.

According to the report, 67% of healthcare organisations were affected by ransomware in 2024, up from 60% in 2023, representing a four-year high. This surge in attacks on healthcare contrasts with the overall decline in ransomware incidents across all sectors, which fell from 66% in 2023 to 59% in 2024.

The report highlights a concerning trend of longer recovery times for healthcare organisations following ransomware attacks. In 2024, only 22% of healthcare institutions were able to fully recover within a week, a significant drop from 47% in the previous year. Additionally, 37% took more than a month to recover, an increase from 28% in 2023, illustrating the growing complexity and severity of these cyberattacks.

John Shier, field CTO at Sophos, commented on the findings, stating, "While we've seen the rate of ransomware attacks reach a kind of 'homeostasis' or even decline across industries, attacks against healthcare organisations continue to intensify, both in number and scope. The highly sensitive nature of healthcare information and need for accessibility will always place a bullseye on the healthcare industry from cybercriminals. Unfortunately, cybercriminals have learned that few healthcare organisations are prepared to respond to these attacks, demonstrated by increasingly longer recovery times. These attacks can have immense ripple effects, as we've seen this year with major ransomware attacks impacting the healthcare industry and impacting patient care."

Shier emphasised the need for a proactive approach to cybersecurity, saying, "To combat these determined adversaries, healthcare organizations must adopt a more proactive, human-led approach to threat detection and response, combining advanced technology with continuous monitoring to stay ahead of attackers."

Additional key findings from the report include:

  • The average cost of recovery from a healthcare ransomware attack increased to USD $2.57 million in 2024, up from USD $2.2 million in 2023 and double the amount recorded in 2021.
  • 57% of healthcare institutions that paid the ransom ended up paying more than the original demand.
  • Compromised credentials and exploited vulnerabilities were equally responsible for 34% of attacks, both identified as the top root causes.
  • A staggering 95% of healthcare organisations hit by ransomware indicated that cybercriminals attempted to compromise their backups during the attack.
  • Organisations whose backups were compromised were more than twice as likely to pay the ransom to recover encrypted data, with 63% of such cases resulting in a ransom payment compared to 27% among those whose backups remained intact.
  • Insurance providers play a significant role in ransom payments, contributing in 77% of cases, with 19% of the total ransom payment funding coming from these insurers.

The latest Sophos report aims to shed light on the real-world experiences of healthcare organisations dealing with ransomware. It explores various aspects such as the attack rate, root causes, operational impact, and business outcomes. The findings are based on a broader survey of 5,000 cybersecurity and IT leaders across 14 countries and 15 industry sectors, conducted between January and February 2024.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
ReliaQuest launches AI agent to revolutionise cybersecurity
Vectra AI unveils Clarity Program to boost MSSP cyber services
IGEL unveils new service to recover from cyber attacks swiftly
Selector AI launches innovations to enhance network operations
EY & IBM expand collaboration, anticipate innovative solutions
Top stories
New CEH v13 certification by EC-Council integrates AI skills
Spark teams up with Fidelity Life for data governance strategy
How AI portrays generations: beer is the common link
Morale gap in manufacturing: epicor report reveals insights
Sophos named leader in IDC MarketScape 2024 for MDR services