Ransomware attacks on healthcare firms increased by 94% in 2021, says study

It costs about $1.85 million to recover systems after a ransomware attack in healthcare, the second-highest of all sectors, according to a new report by cybersecurity firm Sophos. Ransomware attacks on organizations in the healthcare sector saw a sharp 94% increase in 2021, triggering a spike in providers paying ransom demands in the industry.

The report titled “The State of Ransomware in Healthcare 2022” states that in 2021, 66% of healthcare organizations were affected, while 34% were affected in the previous year.

The Sophos survey of 5,600 IT professionals, including 381 healthcare respondents, in medium-sized organizations in 31 countries, including India, was conducted during the first two months of 2022. It showed that healthcare organizations were the most likely to pay ransom demands compared to other industries.

“Ransomware in the healthcare sector is more finicky than other industries in terms of both protection and recovery,” said John Shearer, senior security expert at Sophos. “The data used by healthcare organizations is extremely sensitive and valuable, which makes it very attractive to attackers,” he said.

The report comes on the heels of the annual Verizon Data Breach Investigations Report, which highlighted the rise of more influential ransomware campaigns and run-of-the-mill hacking attacks against health care, as well as an increase in data leaks by threat groups.

Sophos data further showed how many provider organizations paid ransoms after falling victim to an attack last year: 61% of healthcare respondents admitted to paying a ransom, which is 15% higher than in other regions.

Shearer said, “The greatest increase in the volume and complexity of attacks on health care compared to all other sectors is a possible reason behind their high propensity to pay and overcome their limited preparedness in dealing with such attacks.”

The higher recovery costs in healthcare stem from a lack of cybersecurity expertise, the growth of medical Internet of Things (IoT) devices, substandard legacy systems, and operational impacts, “which leads to an inability to quickly repair vulnerable systems,” he said.

Notably, despite the volume of ransom payments in healthcare, the sector paid the least to hackers. The report confirms that threat groups are targeting healthcare more often, but demands remain low, with an average of $197,000 per ransom. In fact, more than half of the ransom amounts were less than $50,000.

The researcher also noted that the lower payments likely reflect “the constrained finances of many health organizations.”

Nevertheless, the average ransom paid by healthcare entities still increased by 33% in 2021, with the proportion of victims paying ransoms of $1 million or more rising nearly threefold.

The report also showed gaps in cyber insurance coverage. The study noted that about 25% of healthcare providers do not have cyber insurance, and of those who do, nearly half said “there are exclusions or exceptions to their policies.”
