Dive Brief:
Recovery from ransomware attacks is taking longer — sometimes more than a month — as attacks increase against the healthcare industry, according to a survey published last week by cybersecurity firm Sophos.
About two-thirds of respondents said they were hit by a ransomware attack in the past year, up from 60% the year prior. Just 34% said they were hit by a ransomware attack in Sophos’ 2021 report.
Recovery times have also increased. Only 22% of victims fully recovered from the attack in less than a week, compared with 47% in the year prior. Nearly 40% took more than a month to return to normal operations.
Dive Insight:
Increased ransomware attacks in the healthcare sector come as other industries face fewer incidents, according to the survey, which included more than 400 respondents from healthcare organizations.
Nearly 60% of respondents from all sectors reported an attack in the 2024 survey, down from 66% in the previous two years. Healthcare has the second-highest rate of ransomware attacks globally, second only to federal governments, according to the report.
“The highly sensitive nature of healthcare information and need for accessibility will always place a bullseye on the healthcare industry from cybercriminals,” John Shier, field chief technology officer at Sophos, said in a statement. “Unfortunately, cybercriminals have learned that few healthcare organizations are prepared to respond to these attacks, demonstrated by increasingly longer recovery times.”
When ransomware attacks succeed, they can have serious consequences for healthcare organizations. On average, nearly 60% of an organization’s computers are affected by an attack, according to the survey.
[Chart: Recovery time after ransomware attacks on the rise. Percent of respondents on how long it took their organizations to fully recover.]
Nearly all companies hit by a ransomware attack in the past year said cybercriminals attempted to compromise their backed-up data, and about two-thirds of organizations said the attackers succeeded.
Without backups, outcomes were often worse — organizations reported higher ransom demands, and they were more likely to shell out money to regain access to their data. Median overall recovery costs doubled, according to the survey.
Though nearly all organizations got their data back, about half said they ended up paying a ransom — which the FBI advises organizations to avoid, given it could encourage cybercriminals and incentivize more attacks.
Paying a ransom can also be pricey. The median payment for ransomware attacks was $1.5 million, according to the Sophos survey. Victims also rarely paid the initial amount demanded by cybercriminals; nearly 60% paid more than the first demand.
Patching software vulnerabilities is key for healthcare organizations to avoid ransomware attacks, Sophos said. But hospitals often struggle to stay on top of software updates and patches, which could require them to take devices offline, experts say.
Healthcare companies should use multi-factor authentication, which uses a second method to verify a user’s identity, and train workers to detect malicious emails or phishing attempts to help prevent incidents, the cybersecurity firm added.