MDR, Network Security

Healthcare Struggles with Impact of Ransomware Attacks

Cybercriminals have successfully encrypted data in nearly 75% of ransomware attacks on healthcare organizations, amounting to the highest rate of encryption in the past three years, Sophos said in a new report.

The study's results, chronicled in the vendor's newly released report, The State of Ransomware in Healthcare 2023, show a significant increase in the number of healthcare organizations (61%) that were impacted by a data encryption event in 2022.

The survey polled 3,000 IT/cybersecurity leaders in organizations with between 100 and 5,000 employees, including 233 from the healthcare sector, across 14 countries in the Americas, EMEA and Asia Pacific.

Healthcare's 24% Success Rate

Of particular note, only 24% of healthcare organizations were able to disrupt a ransomware attack before the attackers encrypted their data. That level is down from 34% in 2022 and is the lowest rate of disruption reported by the sector over the past three years.

“To me, the percentage of organizations that successfully stop an attack before encryption is a strong indicator of security maturity, said Chester Wisniewski, field chief technology officer and Sophos director. "For the healthcare sector, however, this number is quite low — only 24%. What’s more, this number is declining, which suggests the sector is actively losing ground against cyberattackers and is increasingly unable to detect and stop an attack in progress."

Wisniewski believes that the ransomware threat has simply become too complex for most companies to go at it alone.

"All organizations, especially those in healthcare, need to modernize their defensive approach to cybercrime, moving from being solely preventative to actively monitoring and investigating alerts 24/7 and securing outside help in the form of services like managed detection and response (MDR)," he said.

Healthcare Taking Longer to Restore Cyber Health

Additional key findings from the report include:

  • In 37% of ransomware attacks where data was successfully encrypted, data was also stolen, suggesting a rise in the “double dip” method.
  • Healthcare organizations are now taking longer to recover, with 47% recovering in a week, compared to 54% last year.
  • The overall number of ransomware attacks against healthcare organizations surveyed declined from 66% in 2022 to 60% in 2023.
  • Compromised credentials were the number one root cause of ransomware attacks against healthcare organizations, followed by exploits.
  • The number of healthcare organizations surveyed that paid ransom payments declined from 61% last year to 42% this year. This is lower than the cross-sector average of 46%.

Sophos' Steps to Protect Your Organization

Sophos offers recommendations to strengthen security defenses:

  • Security tools defend against the most common attack vectors, including endpoint protection with strong anti-ransomware and anti-exploit capabilities.
  • Zero Trust Network Access (ZTNA) thwart the abuse of compromised credentials.
  • Adaptive technologies respond automatically to attacks, disrupting adversaries and buying defenders time to respond.
  • 24/7 threat detection, investigation and response can be delivered in-house or by a specialized Managed Detection and Response (MDR) provider.

In addition, users should take the following measures:

  • Optimize attack preparation, including regularly backing up, practicing recovering data from backups and maintaining an up-to-date incident response plan.
  • Maintain security hygiene, including timely patching and regularly reviewing security tool configurations.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.