[ad_1]
The newest Sophos annual research of the real-world ransomware experiences of healthcare organizations explores the complete sufferer journey, from assault fee and root trigger to operational affect and enterprise outcomes.
This 12 months’s report sheds mild on new areas of research for the sector, together with an exploration of ransom calls for vs. ransom funds and the way typically healthcare organizations obtain assist from regulation enforcement our bodies to remediate the assault.
Obtain the report to get the complete findings.
Assault charges have elevated, and so have restoration prices
67% of healthcare organizations had been hit by ransomware in 2024, up from 60% reported in our 2023 research. Healthcare’s ransomware assault fee this 12 months is nearly double that reported by the sector in 2021 (34%).
95% of healthcare organizations hit by ransomware previously 12 months stated that cybercriminals tried to compromise their backups in the course of the assault. Of the makes an attempt, two-thirds (66%) had been profitable. This is likely one of the highest charges of backup compromises, with solely the power, oil/fuel and utilities (79%) and schooling (71%) sectors reporting larger charges.
74% of ransomware assaults on healthcare organizations resulted in knowledge encryption, nearly equivalent to the encryption fee reported in 2023 (73%). The sector reported a drop in extortion-only assaults, with solely a single respondent reporting such an assault, in comparison with 4% in our 2023 research.
The imply price in healthcare organizations to get well from a ransomware assault was $2.57M in 2024, a rise from the $2.20M reported in 2023.
Units impacted in a ransomware assault
On common, 58% of computer systems in healthcare organizations are impacted by a ransomware assault, larger than the cross-sector common of 49%. Having your full surroundings encrypted is extraordinarily uncommon, with solely 7% of organizations reporting that 91% or extra of their units had been impacted.
Propensity to pay the ransom has elevated
73% of healthcare organizations restored encrypted knowledge utilizing backups, and 53% paid the ransom to get knowledge again. As compared, globally, 68% used backups and 56% paid the ransom.
Over the past three years, the healthcare sector’s use of backups has remained regular (73% in 2023; 72% in 2022). Nevertheless, the propensity of healthcare organizations to pay ransom has elevated significantly within the final 12 months (42% in 2023), though it stays decrease than the 61% reported in 2022.
A notable change during the last 12 months is the rise within the propensity for victims to make use of a number of approaches to get well encrypted knowledge (e.g., paying the ransom and utilizing backups). On this 12 months’s research, 52% of healthcare organizations that had knowledge encrypted reported utilizing multiple methodology, 3 times the speed reported in 2023 (17%).
Healthcare victims hardly ever pay the preliminary ransom sum demanded
99 healthcare respondents whose organizations paid the ransom shared the precise sum paid, revealing that the common (median) cost was $1.5M in 2024.
Solely 15% paid the preliminary ransom demand. 28% paid lower than the unique demand, whereas 57% paid extra. On common, throughout all healthcare respondents, organizations paid 111% of the preliminary ransom demanded by adversaries.
Obtain the complete report for extra insights into ransom funds and plenty of different areas.
Concerning the survey
The report relies on the findings of an impartial, vendor-agnostic survey commissioned by Sophos of 5,000 IT/cybersecurity leaders throughout 14 international locations within the Americas, EMEA, and Asia Pacific, together with 402 from the healthcare sector. All respondents signify organizations with between 100 and 5,000 workers. The survey was performed by analysis specialist Vanson Bourne between January and February 2024, and individuals had been requested to reply based mostly on their experiences over the earlier 12 months.
[ad_2]