In a recent survey conducted by Sophos, a renowned global cybersecurity service provider, concerning the state of ransomware attacks in healthcare organizations in 2023, it was unveiled that cybercriminals achieved successful data encryption in nearly 75% of the surveyed healthcare organizations. This represents a substantial escalation compared to the previous year, where 61% of healthcare entities reported falling victim to data encryption.
Furthermore, the survey revealed a concerning decline in the ability of healthcare organizations to thwart ransomware attacks before their data is encrypted. Only 24% of organizations managed to disrupt such attacks, marking a decrease from 34% in the prior year, and the lowest disruption rate in the last three years. This declining trend suggests that healthcare organizations are facing mounting challenges in detecting and preventing ransomware attacks.
Chester Wisniewski, Sophos director, field CTO
The ability to prevent ransomware attacks before encryption is a critical indicator of security maturity. However, the healthcare sector’s low 24% success rate and its continuous decline highlight the sector’s vulnerability to cyberattacks.
He attributed this challenge to the increasing sophistication of ransomware attacks and their accelerated timelines.
Notable findings from the report include:
– In 37% of ransomware attacks where data was successfully encrypted, data theft also occurred, indicating the rise of the “double dip” method.
– Healthcare organizations are taking longer to recover, with 47% reporting a recovery period of a week, compared to 54% in the previous year.
– The overall number of ransomware attacks against surveyed healthcare organizations declined from 66% in 2022 to 60% in 2023.
– Compromised credentials were identified as the primary root cause of ransomware attacks in healthcare organizations, followed by exploits.
– The percentage of healthcare organizations paying ransom payments decreased from 61% in the previous year to 42%, which is lower than the cross-sector average of 46%.
A real-world perspective on the seriousness of ransomware attacks in the healthcare sector was provided by José Antonio Alcaraz Pérez, head of information systems and communications at Cruz Red Andalusia in Spain, who highlighted the significant impact of a ransomware attack on a hospital’s operations and patient care. He emphasized the need for continuous improvement and support from security vendors like Sophos to prevent potential life-threatening consequences in the event of a ransomware attack.
FBI Director Christopher Wray underscored the critical role of public-private partnerships in combating cyberthreats, acknowledging the tangible impact that private sector information sharing can have on safeguarding businesses and lives.
To mitigate the growing threat of ransomware and other cyberattacks, Sophos recommends the following best practices:
– Strengthen defensive measures with robust security tools, including endpoint protection with anti-ransomware and anti-exploit capabilities, Zero Trust Network Access (ZTNA) to counteract compromised credentials, adaptive technologies that respond to attacks, and 24/7 threat detection, investigation, and response.
– Enhance attack preparedness by maintaining regular data backups, practicing data recovery from backups, and keeping an up-to-date incident response plan.
– Maintain security hygiene through timely patching and regular reviews of security tool configurations.
For a more comprehensive understanding of the State of Ransomware in Healthcare in 2023, you can access the full report on Sophos.com. The survey encompassed insights from 3,000 IT and cybersecurity leaders in organizations with 100 to 5,000 employees, including 233 respondents from the healthcare sector, across 14 countries in the Americas, EMEA, and Asia Pacific.