Sophos, a leading global cybersecurity firm, has revealed that ransomware attacks on healthcare organizations have reached their highest level in four years. According to the “State of Ransomware in Healthcare 2024” report, two-thirds (67%) of healthcare institutions experienced ransomware attacks in the past year, a significant rise from 60% in 2023. This increase is in contrast to the overall decline in ransomware attacks across other sectors, which fell from 66% in 2023 to 59% in 2024.
The report also highlighted the extended recovery times in the healthcare sector. Only 22% of organizations were able to recover within a week, compared to 47% in 2023 and 54% in 2022. Additionally, 37% took over a month to recover, up from 28% in the previous year. These trends underscore the growing complexity and severity of ransomware attacks targeting healthcare institutions.
John Shier, Sophos’ field CTO, pointed out that healthcare organizations remain a prime target for cybercriminals due to the sensitive nature of their data and the critical need for accessibility. He noted that many healthcare providers are not well-prepared to defend against these attacks, resulting in longer recovery times and disruptions to patient care. Shier emphasized the importance of healthcare organizations adopting a more proactive, human-led approach to threat detection and response, leveraging advanced technology and continuous monitoring.
Key findings from the report include a rise in ransomware recovery costs, with the average cost reaching $2.57 million in 2024, up from $2.2 million in 2023. Moreover, 57% of healthcare organizations that paid ransoms ended up paying more than the initial demand. The report also found that compromised credentials and exploited vulnerabilities were the leading causes of ransomware attacks, each accounting for 34% of incidents.
Additionally, 95% of healthcare organizations hit by ransomware faced attempts to compromise their backups, and those whose backups were compromised were more than twice as likely to pay the ransom to recover their data. Insurers played a significant role in ransom payments, contributing to the payment in 77% of cases, and 19% of total ransom payments were funded by insurers.
The findings are based on a survey of 402 healthcare organizations and are part of a larger study involving 5,000 IT and cybersecurity leaders across 15 sectors in 14 countries. The full report is available on Sophos’ website and provides deeper insights into the state of ransomware attacks in healthcare and other industries.