The State of Ransomware in Healthcare 2022

Sophos has just launched the State of Ransomware in Healthcare 2022, an insightful report carved out of its annual study of the real-world ransomware experiences of healthcare IT professionals. This year, 5,600 IT professionals, including 381 in healthcare, from 31 countries participated in the research.

The study reveals a growing ransomware attack rate on healthcare, resulting in an increasingly tough, broader threat environment for this sector. The study also focuses on the rapidly evolving relationship between ransomware and cyber insurance in healthcare, highlighting how often and how much ransom was paid out by insurance providers against claims by healthcare.

Here are some key findings from the report:

Ransomware attacks on healthcare almost doubled – 66% of healthcare organizations surveyed were hit by ransomware in 2021, up from 34% in 2020
A more challenging healthcare threat environment– this sector saw the highest increase in volume (69%) and perceived complexity (67%) of cyber attacks and the second-highest increase in the impact (59%) of such attacks
Healthcare is most likely to pay the ransom, ranking first with 61% of organizations paying the ransom to get encrypted data back, compared with the global average of 46%; this is almost double than 34% who paid the ransom in 2020
But, healthcare pays the least ransom amount – US$197K was the ransom amount paid by healthcare in 2021 compared with the global average of US$812K
Less data is recovered after paying the ransom – healthcare organizations that paid the ransom got back only 65% of their data in 2021, down from 69% in 2020; furthermore, only 2% of those that paid the ransom in 2021 got ALL their data back, down from 8% in 2020
High cost to recover from ransomware incidents – healthcare ranked second highest at US$1.85M in terms of the average cost to rectify ransomware attacks compared with the global average of US$1.40M
Long recovery time from ransomware attacks – 44% of healthcare organizations that suffered an attack in the last year took up to a week to recover from the most significant attack, whereas 25% of them took up to one month
Low cyber insurance coverage in healthcare – only 78% of healthcare organizations have cyber insurance coverage compared with the global average of 83%
Cyber insurance driving better cyber defenses – 97% of healthcare organizations with cyber insurance have upgraded their cyber defenses to improve their cyber insurance position
Cyber insurance almost always pays out – in 97% of incidents where the healthcare organization had cyber insurance that covered ransomware, the insurer paid some or all the costs incurred (with 47% overall covering the ransom payment)

The growing rate of ransomware attacks in healthcare reflects the success of the ransomware-as-a-service model, which significantly extends the reach of ransomware by reducing the skill level required to deploy an attack. Most healthcare organizations are choosing to reduce the financial risk associated with such attacks by taking cyber insurance.

However, it is getting harder for healthcare to get coverage, likely because of the high rate of ransomware incidents in this sector. The subsequent insurance coverage gap is leaving many healthcare organizations exposed to the full cost of an attack, increasing the overall ransomware remediation costs. As the coverage becomes more challenging to get, healthcare is bolstering its cyber defenses to improve its cyber insurance position.

Read more about the State of Ransomware in Healthcare 2022.