With the COVID-19 pandemic still widespread in many countries in 2021, ransomware attacks on healthcare organizations increased by 94%. This is one of the findings of Sophos’ report titled “The State of Ransomware in Healthcare 2022.”
The cybersecurity solutions firm polled 5,600 IT professionals, including 381 healthcare respondents, in mid-sized organizations (100-5,000 employees) across 31 countries.
The report also found that 66% of healthcare organizations were hit by ransomware, compared with 34% the previous year. Another significant finding is that healthcare organizations had the second-highest average ransomware recovery costs, at $1.85 million, and took one week on average to recover from an attack. Although healthcare organizations pay the ransom most often (61%), they pay the lowest average ransoms: $197,000, compared with the global average of $812,000 (across all sectors in the survey).
“The data that healthcare organizations harness is extremely sensitive and valuable, which makes it very attractive to attackers,” said John Shier, senior security expert at Sophos, in a media release. “In addition, the need for efficient and widespread access to this type of data — so that healthcare professionals can provide proper care — means that typical two-factor authentication and zero trust defense tactics aren’t always feasible.”
Expanding cyber defenses
The report also highlighted that healthcare organizations now respond better to ransomware incidents: 99% of those hit by ransomware were able to get some of their data back after cybercriminals encrypted it during the attacks. However, the report reveals that of those organizations that paid the ransom, only 2% got all their data back.
“Due to these unique factors, healthcare organizations need to expand their anti-ransomware defenses by combining security technology with human-led threat hunting to defend against today’s advanced cyber attackers,” Shier said.
Sophos experts recommend the following best practices for all organizations across all sectors:
- Install and maintain high-quality defenses across all points in the organization’s environment. Review security controls regularly and make sure they continue to meet the organization’s needs
- Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines, and open Remote Desktop Protocol ports. Extended Detection and Response (XDR) solutions are ideal for helping to close these gaps
- Make backups, and practice restoring from them so that the organization can get back up and running as soon as possible, with minimum disruption
- Proactively hunt for threats to identify and stop adversaries before they can execute their attack – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) specialist
- Prepare for the worst. Know what to do if a cyber incident occurs and keep the plan updated