Sophos’s latest annual research delves into the comprehensive ordeal faced by healthcare organizations, tracing the trajectory of ransomware attacks from initial assault costs and root causes to lasting operational impact and strategic business outcomes.
The latest 12-month report offers valuable insights into emerging areas of research within the industry, including a comprehensive examination of ransomware attacks versus traditional cyber threats. Ransomware attacks often prompt frantic requests for assistance from regulatory bodies to help healthcare organizations remediate the damage?
According to a recent report, a staggering 67 percent of healthcare organizations fell victim to ransomware attacks in 2024, marking a significant increase from the 60 percent reported in the previous year’s study. This year’s healthcare ransomware attacks have resulted in a staggering near-doubling of losses compared to those experienced in 2021, with a significant 68% increase.
A staggering 95% of healthcare organizations that have fallen victim to ransomware attacks in the past year reported that hackers attempted to access and exploit their backup systems during the assault. Approximately two-thirds of attempts (66%) have resulted in profitability. One of the most striking instances of compromise in data protection, with a notable exception being the 79% and 71% sectors that reported a rise in breaches.
According to recent statistics, a staggering 74% of ransomware attacks targeting healthcare organizations led to data encryption, mirroring the encryption rate observed in 2023 at 73%. A significant decline was noted in the incidence of extortion-only attacks, with just one respondent experiencing such an occurrence, marking a stark contrast to the 4% reported in our previous 2023 study?
According to a report, the average cost of recovering from a ransomware attack in healthcare organizations rose to $2.57 million in 2024, up from $2.20 million in 2023.
According to recent statistics, a staggering 58% of computer systems in the healthcare sector experience a ransomware attack, significantly higher than the 49% average across all industries. While the encryption of a company’s entire atmosphere is rare, a mere 7% of organizations report that 91% or more of their systems have been affected.
According to recent findings, a significant proportion of healthcare institutions were able to recover their encrypted data by relying on existing backups, with approximately 73% successfully restoring access to their digital records. Globally, a staggering 68% of victims relied on backups to mitigate the effects of cyberattacks, whereas 56% chose to pay the ransom instead.
Over the past three-year period, the frequency of backup usage within the healthcare industry has consistently remained high at 73% in 2023 and 72% in 2022. Despite this trend, the propensity of healthcare organizations to pay ransom has surged notably over the past year, rising to 42% in 2023 – albeit still lower than the 61% reported in 2022.
In recent years, there has been a significant shift in the tactics employed by victims seeking to recover from cyber attacks. Notably, individuals are increasingly leveraging various strategies to regain access to encrypted data, such as paying ransoms or relying on backup systems. After a year-long study, a striking 52% of healthcare organizations revealed they employed multiple encryption methods, a remarkable threefold increase from just 17% in 2023.
According to a survey of 99 healthcare organizations that had paid ransoms, the median payment amount in 2024 was $1.5 million.
Only 15% of victims complied with the initial ransom request. Around one-quarter of respondents reported earning less than what they had initially asked for (28%), while nearly six out of ten (57%) received more compensation than their initial target. According to a survey across various healthcare organizations, the average payment made by respondents was 111% of the initial ransom demand made by attackers.
To gain additional insights into diverse aspects of ransomware and numerous other domains.
A comprehensive report was based on the results of a vendor-neutral survey conducted by Sophos among 5,000 senior IT and cybersecurity professionals across 14 countries in the Americas, Europe, Middle East, Africa, and Asia-Pacific regions, including 402 respondents from the healthcare industry. Respondents represent organizations with a workforce size ranging from 100 to 5,000 employees. The survey was conducted by market research firm Vanson Bourne from January to February 2024, with respondents asked to provide feedback based on their experiences from the past 12 months.
