Data Encrypted in 75% of Ransomware Attacks on Healthcare Organizations

Written by

Data was successfully encrypted in 75% of ransomware attacks on healthcare organizations in 2023, according to new research from Sophos.

This represents significant rise from last year’s report, when 61% of healthcare organizations reported having their data encrypted.

There was, however, a reduced frequency of attacks this year, with 60% of healthcare entities surveyed hit in 2023 compared to 66% in 2022.

The survey found that just 24% of healthcare organizations were able to disrupt a ransomware attack before their data was encrypted, a reduction from 34% in 2022.

Attack Timelines Shrinking

The researchers said that the increased success rate of ransomware attacks was in part due to threat actors speeding up their attack timelines, making it harder for defenders to detect and prevent in time. For example, a study published by Sophos in August 2023 found that the median time from the start of a ransomware attack to detection has reduced to just five days.

Chester Wisniewski, director, field CTO at Sophos, commented: “To me, the percentage of organizations that successfully stop an attack before encryption is a strong indicator of security maturity. For the healthcare sector, however, this number is quite low – only 24%. What’s more, this number is declining, which suggests the sector is actively losing ground against cyber-attackers and is increasingly unable to detect and stop an attack in progress.”

The most common initial access vector for ransomware attacks in the healthcare sector was compromised credentials (32%), followed by exploited vulnerabilities (29%).

The report also found that in 37% in ransomware attacks where data was successfully encrypted, data was also stolen. This suggests an increase in ‘double extortion’ tactics.

Damaging Impact on Patient Care

Another concerning finding from the study was that healthcare organizations hit by ransomware attacks are taking longer to recover. Under half (47%) were able to recover within a week this year, compared to 54% in 2022. Additionally, 28% took more than a month to recover, up from 20% in the previous year.

This longer recovery time has led to higher financial costs for healthcare organizations. The average cost of an incident has grown from $1.85m to $2.2m year-over-year.

José Antonio Alcaraz Pérez, head of information systems and communications at Cruz Red Andalusia in Spain, also highlighted the huge impact these incidents have on patient care.

“In 2016, the Red Cross Hospital of Córdoba in Spain suffered a ransomware attack that reached servers and encrypted hundreds of files, medical records and other important patient information. It was a major disruption to our operations and interfered with our ability to care for our patients,” Pérez said.

“The stakes are high in ransomware attacks against healthcare organizations – and attackers know that – meaning we’ll always be a target,” he explained.

Growing Reluctance to Pay Ransom Demands

All the healthcare organizations surveyed who had data encrypted by attackers were able to get the information back. Encouragingly, there was a big fall in the proportion of respondents who admitted paying a ransom to recover the data this year, from 62% to 42%.

There was also a small rise in the proportion of organizations that used backups to recover data, from 72% in 2022 to 73% in 2023. Nearly a fifth (17%) said they used multiple means to recover encrypted data.

How Can Healthcare Organizations Combat Ransomware Attacks

Sophos set out a range of best practices for healthcare organizations to protect themselves against ransomware attacks:

  • Use security tools that defend against common attack vectors, including endpoint protection
  • Adopt zero trust architecture to thwart the abuse of compromised credentials
  • Invest in adaptive technologies that can automatically respond to attacks, buying defenders time
  • Ensure there is 24/7 detection, investigation and response in place across systems, either delivered in-house or by an external party
  • Maintain basic security hygiene, such as timely patching
  • Continuously practice and update incident response plans, including recovering data from backups

In October 2023, Comparitech published research showing that ransomware breaches on the healthcare sector cost the US economy $78bn in downtime alone over the past seven years.

What’s hot on Infosecurity Magazine?