Healthcare organisations 94% more affected by ransomware
Sophos Cybersecurity, Healthcare, Ransomware
Sophos has published its industry analysis „The State of Ransomware in Healthcare 2022″. The results describe a 94% increase in ransomware attacks on this sector worldwide. this sector of 94%. In 2021, 66% of the healthcare sector was affected. year before, the figure was 34%. Despite this dynamic development, a positive Despite this dynamic development, there is also a positive aspect: the healthcare health care organisations are, according to the survey data, increasingly better able to deal with the consequences of ransomware attacks. The report report shows that 99% of organisations affected by ransomware have recovered at least some recovered at least some of their data after the cybercriminals encrypted it during the encrypted during the attacks.
More Impact of ransomware on the healthcare sector worldwide:
- Healthcare organisations healthcare organisations had the second highest average recovery costs for ransomware, at $1.85 million. average recovery costs for ransomware, and took an average of an average of one week to recover from an attack.
- Based on their own Based on their own experience, 67% of healthcare organisations believe that Cyberattacks have become more complex. This is the highest percentage in the global industry comparison.
- Healthcare healthcare companies are the most likely to pay a ransom (61%). compared to the global average of $812,000 (across all sectors in the survey). survey sectors), the lowest average ransom of US$197,000. lowest average ransom.
- Of the companies that paid the paid the ransom, only 2% got all their data back
- 61% of the attacks resulted in encryption, 4% less than the global average (65%).
More healthcare organisations (78%) are now opting for cyber cyber insurance, but 93% of organisations with coverage report that it has become more difficult in the past year to to obtain insurance coverage. With ransomware being the main reason for insurance claims, 51% of respondents said a higher level of cybersecurity is required to qualify for insurance. qualify. This places a burden on healthcare organisations with smaller budgets and fewer technical resources.
Data in the Healthcare particularly attractive to cybercriminals
"Ransomware in healthcare is more nuanced in terms of protection and recovery protection and recovery than in other industries," says John Shier, senior security Expert at Sophos. "The data that healthcare organisations use, is extremely sensitive and valuable, which makes it very attractive to attackers. In addition, the need for efficient and widespread widespread access to this type of data - so that medical professionals can provide the right care - means that typical two-factor authentication and zero-trust defence tactics may not always be feasible. feasible. This makes healthcare organisations particularly vulnerable, and when they are affected, they may choose to choose to pay ransom in order to gain access to important, often life-saving patient data." Because of these unique factors, healthcare Healthcare organisations need to strengthen their protection against ransomware, by combining security technology with human-led threat hunting. threat hunting to defend against modern cyber attackers, the expert added. defend against modern cyber attackers, the expert added.
Sophos recommends the following steps for better security:
- Install and maintain High-quality protections at all points in the corporate environment. Regularly review security controls and adjust them to meet the requirements of the business.
- Harden the IT environment by Identifying and closing the most important security gaps: unpatched devices devices, unprotected machines and open Remote Desktop Protocol ports. Extended Detection and Response (XDR) solutions are ideal for closing these gaps. close these gaps
- Creating backups and training the recovery of the data, so that the business can be restored as quickly as quickly as possible and with minimal disruption. .
- Proactive threat hunting to identify and stop attackers before they can carry out their attack. can carry out their attack. If the internal team does not have the time or to do this themselves, it is advisable to hire external specialists for managed for managed detection and response (MDR).
- Be prepared with a plan for the Be prepared for the worst case scenario. Know what to do if a cyber incident occurs, and have occurs, and keep the plan up to date.
For the global survey „State of Ransomware in Healthcare 2022″ 5,600 IT professionals, including 381 respondents from the healthcare sector, in medium-sized companies (100-5,000 employees) in 31 countries. For the DACH region, 63 German, 16 Austrian and 8 Swiss IT Austrian and 8 Swiss IT managers from the healthcare sector.