Sophos has released the State of Ransomware in Healthcare 2023, an insightful report based on a survey of 233 IT/cybersecurity professionals across 14 countries working in the healthcare sector. The findings reveal the real-world ransomware experiences of the sector.
Rate of attack and data encryption
The 2023 survey revealed that the rate of ransomware attacks in healthcare has decreased from 66% to 60% year over year. Even though the rate of attack in the 2023 study has dropped, it is almost double the 34% reported by the sector in 2021.
The rate of data encryption following a ransomware attack in healthcare was the highest in the last three years: 73% of healthcare organizations reported that their data was encrypted in the 2023 report, up from 61% in the 2022 report and 65% in the 2021 report.
In more than one-third of the attacks (37%) where data was encrypted, data was also stolen, suggesting that this “double dip” method (data encryption and data exfiltration) is becoming commonplace.
Root causes of attacks
Compromised credentials (32%) were the most common root cause of the most significant ransomware attacks in the healthcare sector, followed by exploited vulnerabilities (29%). Email-based attacks (malicious emails or phishing) were the starting points for over a third of attacks (36%) in healthcare organizations, higher than the cross-sector average of 30%.
Data recovery and the propensity to pay the ransom
All healthcare organizations got their encrypted data back, above the cross-sector average of 97%. 42% of healthcare organizations paid the ransom to recover their encrypted data, while almost three-quarters (73%) used backups for data recovery. The propensity to pay the ransom in healthcare was considerably lower than in last year’s report, with the rate of ransom payment decreasing from 61% to 42% year over year. The use of backups to restore data went up very slightly, from 72% in the 2022 report to 73% in the 2023 report.
The recovery costs for healthcare organizations increased from $1.85M to $2.20M year over year and are almost double the $1.27M reported by the sector in our 2021 survey, likely impacted by the increased frequency of data encryption in ransomware attacks.
Mitigating the ransomware risk
Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:
Strengthen defensive shields, including:
Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
Optimize attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan
Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations
About the survey
Data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023, including 233 in the healthcare sector. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.