Healthcare organizations, already an attractive target for ransomware given the highly sensitive data they hold, have seen such attacks nearly double between 2020 and 2021, according to a survey released this week by Sophos.
The researchers also found that while the healthcare organizations surveyed are likely to pay ransoms, they rarely get all of their data back when they do. Additionally, 78% of organizations purchase cyber insurance in hopes of reducing their financial risk, and 97% of the time the insurance company has paid some or all of the ransomware-related costs.
However, while insurance companies are paying in almost all cases and fueling improved cyber defenses, healthcare organizations – like other industries – are finding it increasingly difficult to insure themselves in the first place.
“The ransomware challenge facing organizations continues to grow,” Sophos researchers wrote in the report.
“The proportion of healthcare organizations directly impacted by ransomware has almost doubled in 12 months. Faced with this near normalization, healthcare organizations have improved their ability to manage the consequences of an attack: virtually everyone now recovers encrypted data and almost three quarters can use backups to restore data.”
Additionally, the shrinking space for cyber insurance “has prompted nearly every healthcare organization to make changes to their cyber defenses to improve their cyber insurance posture,” they wrote.
Sophos surveyed 5,600 IT professionals worldwide, including 381 in healthcare. The picture painted is of a healthcare industry increasingly under attack by increasingly sophisticated ransomware, with organizations more likely to pay the ransom – though the average ransom paid was the lowest of any industry – while improving their defenses.
“Healthcare companies have traditionally been behind other industries that rely heavily on IT technology,” Garret Grajek, CEO of security provider YouAttest, told The Register in an email.
Meanwhile, the insurance and finance sectors are also targeted. “Attackers target them because they have less developed security controls and depend on IT departments for their business model.”
The good news is that healthcare organizations are aware that they are under attack. The majority of them have cyber insurance and are improving their security practices, Grajek said, adding that “the chickens are alerted that the fox is circling the coop.”
And the problem only gets worse
The Sophos report comes the same week that FBI Director Christopher Wray, in a speech at Boston College, said the US agency was able to thwart an attempted ransomware attack on Boston Children’s Hospital a year ago before it could cause any damage. Wray said Iranian government-backed threat actors tried to hack into the hospital’s network and used the incident – which he called “one of the most despicable cyberattacks I’ve ever seen” – to highlight the ongoing cyber threats posed by the governments of countries such as Iran, China, Russia and North Korea.
It’s also the same week that cybersecurity firm Zscaler released its ThreatLabz Ransomware 2022 report, which found that the healthcare industry saw a 650% year-over-year increase in ransomware attacks, the fastest growth of any industry.
John Gunn, CEO of authentication security provider Token, told The Register in an email that he is not surprised to see healthcare as the main target of ransomware attacks.
“This segment is the most regulated, has the highest revenue and profits, and the most to lose if it doesn’t pay ransomware demand, all of which make it the most attractive target for hackers,” explained Gunn. “What is surprising is that more and more companies are not improving their access control with better authentication. The front door is still where the majority of hackers enter and that is the easiest to protect.”
Sophos estimates that 66% of healthcare organizations were affected by ransomware in 2021, up from 34% the previous year, an increase of 94%. The researchers wrote that the increase demonstrates “that adversaries have become significantly more capable of executing the most significant attacks at scale. This likely also reflects the growing success of the ransomware-as-a-service model, which significantly extends the reach of ransomware by reducing the level of skill required to create and deploy an attack.”
Data encryption rate fell from 65% in 2020 to 61% last year, possibly indicating healthcare organizations are getting better at stopping data encryption during an attack (the global average remains at 65%). The percentage of healthcare companies with extortion-only attacks — with public data exposure driving the ransom demand, not encryption — fell from 7% to 4%.
Healthcare organizations are also getting better at recovering from an attack, with 99% last year recovering encrypted data, up from 93% in 2020. The industry has proven particularly adept at using multiple approaches to restore their data, including backing up the data (72%) and paying the ransom (61%, up from 34% in 2020), as well as 33% who said they used other means.
Paying the ransom – always risky and frowned upon by lawmakers and cybersecurity vendors – does not guarantee that all data will be decrypted. The average ransom was relatively low at $197,000, but those who paid were only able to recover 65% of their data last year and only 2% recovered all of their data.
The increase in ransomware attacks is part of a broader threat environment that is hitting healthcare more than any other industry, the researchers wrote. It has seen the highest increase in the number of cyberattacks (69%) and attack complexity (67%), according to Sophos.
Rajiv Pimplaskar, CEO of virtual networking company Dispersive Holdings, told The Register in an email that the health sector was the sector most affected by data security breaches.
“Because ransomware incidents are highly correlated, this is a particular cause for alarm for health officials and CISOs,” Pimplaskar said. “The proliferation of medical IoT devices that prove invaluable to patient care and yet can pose unforeseen vulnerabilities and attack vectors” compounds the problem.