Sophos Survey Reveals Alarming Rise in Ransomware Attacks on Healthcare Organizations
Jan 09, 2024: In its latest sector survey report, “The State of Ransomware in Healthcare 2023,” cybersecurity leader Sophos discloses that cybercriminals have achieved a worrying success rate in encrypting data, affecting nearly 75% of healthcare organizations surveyed. The report underscores a significant escalation from the previous year’s 61%, marking the highest encryption rate in the past three years.
Key Findings from the Sophos Survey:
Encryption Success Rates: Cybercriminals successfully encrypted data in nearly 75% of ransomware attacks on healthcare organizations, indicating a notable surge from the 61% reported last year.
Disruption Challenges: Only 24% of healthcare organizations managed to disrupt a ransomware attack before the attackers encrypted their data. This represents a decline from the 34% reported in 2022, marking the lowest rate of disruption over the past three years.
Security Maturity Concerns: The percentage of organizations successfully halting an attack before encryption serves as a crucial indicator of security maturity. For the healthcare sector, this number stands at a concerning 24%, suggesting a decline in security effectiveness against cyber attackers.
Sophistication and Acceleration of Attacks: Ransomware attacks are growing in sophistication, with attackers accelerating their timelines. The median time from the start of a ransomware attack to detection is reported to be just five days. Notably, 90% of these attacks occur after regular business hours.
Recommendations from Sophos: Chester Wisniewski, Director and Field CTO at Sophos, emphasizes the need for organizations, especially in healthcare, to modernize their defensive approach. This involves transitioning from solely preventive measures to actively monitoring and investigating alerts 24/7. Managed Detection and Response (MDR) services are recommended to enhance cybersecurity defenses.
Double Dip Method and Recovery Time: In 37% of ransomware attacks where data was successfully encrypted, data was also stolen, indicating a rise in the “double dip” method. Additionally, healthcare organizations are taking longer to recover, with 47% reporting recovery within a week compared to 54% the previous year.
Root Causes and Ransom Payments: Compromised credentials were identified as the leading root cause of ransomware attacks on healthcare organizations, followed by exploits. The number of healthcare organizations paying ransom payments declined from 61% last year to 42% this year, below the cross-sector average of 46%.
Sophos emphasizes the need for healthcare organizations to leverage the support available from security vendors, like Sophos, to mitigate the significant and growing threat posed by ransomware attacks. The cybersecurity firm recommends implementing best practices such as strengthening defensive shields, optimizing attack preparation, and maintaining security hygiene to enhance resilience against cyber threats.
