Healthcare Ransomware Attacks Have Almost Doubled



Ransomware attacks against healthcare companies are increasing, leaving hospitals and other care facilities' data vulnerable to criminal hackers' demands. The increase in successful ransomware attacks is part of an increasingly challenging broader threat environment which has affected healthcare more than any other sector. 

Healthcare saw the highest increase in both the volume of cyber attacks (69%) and the complexity of cyber attacks (67%), compared with cross-sector averages of 57% and 59% respectively. In terms of the impact of these attacks, healthcare was the second most affected sector (59%) compared with the global average of 53%.

Almost two-thirds (66%) of healthcare organisations were hit by ransomware attacks last year, up from 34% in 2020, according to a new report from cyber security firm Sophos. The near-doubling of cyber incidents demonstrates how attackers have become “considerably more capable at executing the most significant attacks at scale,” says the report.

Because healthcare organisations are so heavily dependent on access to data, such as patient records, to maintain their operations, they are a frequent target for ransomware attacks. Even a short delay in access to records can result in negative outcomes for patients.

The ransomware business is lucrative for attackers who target healthcare:

  • 61% of organisations reported paying ransoms to get their stolen data back, compared with the cross-industry average of 46%.
  • On average, in 2021, healthcare organisations that paid the ransom got back only 65% of their data, down from 69% in 2020.
  • Similarly, only 2% of those that paid the ransom in 2021 got all their data back, down from 8% in 2020.

A full 61% of the healthcare organisations that reported ransomware attacks had their data encrypted during the event, according to the Sophos report, The State of Ransomware in Healthcare 2022. This was slightly better than the 65% encryption rate across all industry sectors worldwide, “indicating that healthcare was better able to stop data encryption in a ransomware attack,” Sophos said, noting that it is also an improvement on the 65% encryption rate in healthcare in 2020. The report's findings are based on an independent “vendor-agnostic” survey of 5,600 information technology professionals in medium-sized organisations, including 381 healthcare respondents across 31 countries.

The report also showed an improvement in the rate of extortion-only attacks, down to just 4% in 2021 compared with 7% in 2020. In extortion-only attacks the data is not encrypted, but the healthcare organisation is “held to ransom with the threat of exposing data.” The improvement could be because more healthcare organisations have cyber insurance, “which demands higher cyber security defence enhancements.”

The increase in successful ransomware attacks has “affected healthcare more than any other sector,” according to Sophos, which is based in the United Kingdom. Healthcare had the “highest increase in volume of cyber-attacks (69%) as well as the complexity of cyber-attacks (67%)” when compared with cross-sector averages.

Improved Ransomware Outcomes

Almost all (99%) of healthcare organisations subject to ransomware attacks in 2021 got “some encrypted data back” compared with only 93% in 2020. Within this group, 72% were able to restore encrypted data from backup files; 61% also reported that they “paid the ransom to restore data”; and 33% used other means to restore data. 
These numbers show that “many healthcare organisations use multiple restoration approaches to maximise speed and efficacy” to restore data and operations. 

More than half of healthcare organisations (52%) reported using multiple restoration methods, according to Sophos.

Interestingly, 14% of healthcare organisations reported using “three methods in parallel” to restore their data, which was the highest rate across all sectors and double the global average. Healthcare is the sector most likely to pay the ransom, with 61% of respondents whose data was encrypted admitting to paying the ransom, compared with the cross-sector average of 46%. This number is also almost double the 34% who paid the ransom in 2020.

Healthcare's having seen the highest increase in the volume and complexity of attacks of any sector, combined with its limited preparedness for dealing with such attacks, is a likely reason behind its high propensity to pay.

Other reasons, as we will see later in this report, could be that the impact of ransomware affects not only the encrypted databases and devices but also the operations and business revenues of healthcare organisations, leaving them in a rush to return to normal. However, healthcare organisations that paid the ransom to restore their data got back only 65% of their data, compared with 69% in 2020. Only 2% of those that paid the ransom received all of their data, down from 8% in 2020.

Cost of Ransomware Attacks

Although healthcare tops the list for payments, it is at the bottom for the amount paid, with the “lowest average ransom payment” of all sectors at around $197,000. Although the amounts paid were lower than in other sectors, the “overall amount of ransom paid by healthcare in 2021” went up by 33% compared with 2020, according to Sophos.
Only three respondents said their organisation paid $1 million or more, according to the report. In contrast, 60% of the ransoms paid were less than $50,000. 

The lower amounts are likely due to the “constrained finances” of healthcare organisations, especially those in the public sector, according to Sophos.

Paying the ransom, however, is not the only cost of a ransomware attack. Ninety-four percent of respondents said the ransomware attack impacted their ability to operate and 90% of private sector healthcare organisations responded that the attack “caused them to lose business or revenue.” In fact, the average cost for a healthcare organisation to remediate the impact of a ransomware attack went up to $1.85 million in 2021, compared to $1.27 million in 2020. This was the second-highest average cost across all sectors.

It took 44% of healthcare organisations “up to a week” to recover from a ransomware attack in 2021, and 25% took up to a month to recover. The average time for healthcare organisations to recover was one week.

Cyber Insurance

Only 78% of healthcare organisations reported having cyber insurance against ransomware, with 46% also saying that there are “exclusions or exceptions in their policies.” Additionally, 93% of healthcare organisations with cyber insurance reported it was getting harder to secure coverage, with 34% saying it was also more expensive. Healthcare organisations also reported that the level of cyber security required to qualify for coverage was higher, that policies are more complex, and that fewer companies offer cyber insurance.

Ransomware impacts healthcare operations, business, and revenue. Most healthcare organisations are choosing to reduce the financial risk associated with such attacks by taking cyber insurance. For them, it is reassuring to know that insurers pay some costs in almost all claims. However, it’s getting harder for organisations to secure coverage. This has driven almost all healthcare organisations to make changes to their cyber defences to improve their cyber insurance position. 

For healthcare organisations with cyber insurance coverage, 97% that were hit by ransomware and had ransomware coverage report that their policy paid out in the “most significant attack.” More than 80% reported the insurer paid the costs incurred to restore operations; however, only 47% reported that the insurer paid the ransom.

"In the face of this near-normalisation, healthcare organisations have gotten better at dealing with the aftermath of an attack: virtually everyone now gets some encrypted data back and nearly three quarters are able to use backups to restore data," said Sophos researchers in their report. "Most healthcare organisations are choosing to reduce the financial risk associated with such attacks by taking cyber insurance," they added. "For them, it is reassuring to know that insurers pay some costs in almost all claims... However, it’s getting harder for organisations to secure coverage. This has driven almost all healthcare organisations to make changes to their cyber defences to improve their cyber insurance position."

Sophos Recommends Best Practices For Healthcare Organisations

  • Review security controls regularly and make sure they continue to meet the organisation's needs.
  • Install and maintain high-quality defences across all points in the organisation’s environment.
  • Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open Remote Desktop Protocol ports. Extended Detection and Response (XDR) solutions are ideal for helping to close these gaps.
  • Make backups, and practise restoring from them so that the organisation can get back up and running as soon as possible, with minimum disruption.
  • Proactively hunt for threats to identify and stop adversaries before they can execute their attack. If the team lacks the time or skills to do this in house, outsource to a Managed Detection and Response (MDR) specialist.
  • Prepare for the worst. Know what to do if a cyber incident occurs and keep the plan updated.

The most important thing for anyone in the healthcare field to understand is that their organisation is extremely likely to suffer a ransomware attack very soon, and that it needs a strategy and practical tactics to deal with the problem.

References:

Thomson Reuters
Sophos
HealthcareIT News
Tech.co
Interhospi
HHMGlobal
Integral Defence
