Ransomware attacks on healthcare institutions globally have reached alarming new levels in 2024, according to the latest report by cybersecurity firm Sophos. The report, titled “The State of Ransomware in Healthcare 2024,” highlights a troubling trend in which healthcare organizations have become a primary target for cybercriminals.
Sophos’ findings reveal that 67% of healthcare institutions were victims of ransomware attacks in the past year. This marks a sharp increase and the highest rate recorded since 2021, a four-year high. The spike in attacks on healthcare stands in contrast to other sectors, where ransomware incidents have slightly declined.
John Shier, Field Chief Technology Officer (CTO) at Sophos, emphasized the unique vulnerabilities of the healthcare sector.
“While ransomware attacks are stabilizing or even declining across other industries, healthcare remains a prime target for cybercriminals,” Shier said.
He attributed this to the sensitive nature of healthcare data and the sector’s critical need for constant accessibility. This dependency on real-time access to patient information, Shier explained, makes healthcare institutions more prone to disruption from cyberattacks. This vulnerability means that healthcare organizations are often left ill-prepared to respond to these cyber threats, resulting in longer recovery times and more severe consequences for patient care.
Healthcare organizations have been particularly slow to recover from these cyberattacks. The report shows that only 22% of ransomware victims in the healthcare sector managed to fully recover within a week, a dramatic decrease from 47% in 2023 and 54% in 2022.
Even more concerning is the fact that 37% of healthcare organizations took over a month to recover from ransomware attacks. This significant increase highlights the growing severity and complexity of cyber threats targeting the industry.
The financial costs associated with these attacks have also risen sharply. The average cost of recovering from a ransomware attack in the healthcare sector has jumped to $2.57 million in 2024, compared to $2.2 million in 2023. This is more than double the recovery cost from 2021, demonstrating the growing financial toll of cyberattacks on healthcare providers.
Furthermore, 57% of healthcare organizations that paid ransoms ended up paying more than the initial demand. This statistic underscores the financial burden faced by institutions that are forced into paying large sums to recover vital patient data and resume operations.
The report also highlighted the primary causes of these breaches. According to the findings, compromised credentials and exploited vulnerabilities each accounted for 34% of ransomware attacks on healthcare organizations.
This means that stolen login information and gaps in system security were responsible for a significant portion of these incidents. Cybercriminals often exploit weaknesses in outdated software or take advantage of staff who fall victim to phishing schemes, leading to large-scale system breaches.
In addition, the report revealed that 95% of healthcare organizations hit by ransomware also experienced attempts by cybercriminals to compromise their data backups. Having secure backups is a key defense against ransomware, as it allows organizations to restore their systems without paying a ransom.
However, once backups are compromised, institutions are more likely to give in to ransom demands. According to Sophos, 63% of organizations whose backups were compromised paid the ransom, compared to just 27% whose backups remained secure.
Insurance providers are playing an increasingly central role in covering the costs of ransom payments. The report revealed that insurance contributed to ransom payments in 77% of cases, with 19% of total ransom payments coming directly from insurers.
This involvement of insurance companies may help healthcare institutions recover financially from attacks, but experts warn that it could also encourage cybercriminals to continue targeting healthcare, knowing that insurers will often step in to cover ransom demands.
John Shier emphasized the need for a proactive approach to cybersecurity, especially in healthcare, which faces ongoing and determined threats.
“Healthcare organizations need to combine advanced technology with continuous monitoring to detect and respond to threats effectively. A human-led approach is crucial to staying ahead of these determined adversaries,” Shier advised.
Cybersecurity experts advocate for a blend of technology solutions, such as artificial intelligence-based threat detection and real-time monitoring, alongside staff training on cybersecurity best practices.
The healthcare industry is not alone in its struggle against ransomware. Around the globe, ransomware attacks have become one of the most significant threats to businesses and government institutions.
In Nigeria, the Nigerian Computer Emergency Response Team (ngCERT) has warned of a sharp rise in ransomware attacks from a group known as Phobos. These attacks have targeted critical cloud service providers within Nigeria’s cyberspace, affecting information technology and telecommunication services, including managed cloud services.
ngCERT has been actively working with vulnerable and affected organizations to mitigate these attacks and prevent further escalation. However, the increasing frequency of these incidents serves as a reminder of the broader threat that ransomware poses to national infrastructure.
In 2023, ransomware attacks accounted for 70% of all cyberattacks globally. As cybercriminals continue to innovate and adapt their techniques, institutions across various sectors must take steps to strengthen their defenses.