Report Says Ransomware Hits On Healthcare Up By 94%
On June 6, 2022, Sophos published a sectoral survey titled “The State of Ransomware in Healthcare 2022”. The cybersecurity vendor reported a 94% increase in ransomware attacks on organizations in the health sector.
The figure rose to 66% in 2021, from 34% in 2020. However, there is a bright side to the situation. According to the survey data, healthcare organizations are getting better at dealing with the repercussions of these ransomware attacks.
The report states that 99% of organizations struck by ransomware managed to get at least some of their data back after the cybercriminals encrypted it.
Ransomware findings for the healthcare sector
Healthcare organizations also recorded the second-highest recovery cost, at around $1.85 million. Nearly 67% of organizations think that cyber-attacks are incredibly complex.
Although healthcare organizations pay the ransom most often, at 61%, they also pay the lowest average ransom, at $197,000 compared to the global average of $812,000.
Only 2% of those who paid the ransom managed to recover their data. 61% of attacks ended in data encryption, 4% less than the global average of 65%.
John Shier, the senior security expert at Sophos, states, “Ransomware in the healthcare space is more nuanced than other industries regarding protection and recovery.”
He further mentioned that the data the organizations retain is sensitive. The lack of concrete security measures makes it an easy target for attackers as the healthcare organizations are left with no choice but to pay the ransom.
The Major Problems
Many healthcare organizations (around 78%) are opting for cyber insurance; however, 93% found it difficult to get policy coverage in the previous year.
Ransomware is one of the biggest drivers of insurance claims; 51% said the level of cybersecurity required was higher, which puts healthcare organizations with fewer technical resources and smaller budgets under greater strain.
The solutions
There are a few recommended practices for organizations. The starting point is to install and maintain high-quality defenses across all parts of the organization, which requires constant review of security controls.
Hardening the IT environment by finding and closing significant security gaps is a reliable solution. This includes eliminating unpatched devices, unprotected machines, and open Remote Desktop Protocol (RDP) ports. Extended Detection and Response (XDR) solutions are an efficient way to close these gaps.
Making backups and being able to restore from them lets the organization recover quickly, with low disruption. Regularly conduct proactive threat hunts to recognize and stop adversaries before the attack is executed.
If the team lacks the time or expertise, the organization can outsource this work to a Managed Detection and Response (MDR) specialist. These experts can also watch for novel attacker techniques and prepare accordingly.
You can avoid a threat under the “The State of Ransomware in Healthcare 2022.”