The healthcare sector has seen a rise in ransomware attacks, even as many other industries have experienced a decline. According to the State of Ransomware in Healthcare 2024 report by Sophos, 67% of healthcare organizations surveyed reported falling victim to a ransomware attack in the past 12 months, up from 60% the previous year and on par with the 66% that experienced such attacks in 2022. This places the healthcare industry second only to the central/federal government, which reported a 68% attack rate.
The impact of these ransomware assaults on healthcare organizations has been severe, with an average of 58% of devices affected per attack. In some cases, as many as 91% of devices were impacted, disrupting operations and patient care. Compounding the issue, the recovery process has become increasingly complex and time-consuming, with 37% of healthcare organizations reporting that it took more than a month to recover from an attack, up from 28% the previous year.
The tactics employed by cybercriminals have also changed, with the most common attack vectors shifting from malicious emails and phishing to exploited vulnerabilities and compromised credentials, which accounted for 34% of attacks each. Brute force attacks, while still relatively rare, have also seen an increase, rising from 1% in 2023 to 4% in 2024.
Ransomware groups have also adopted more sophisticated tactics, such as double extortion, where data is stolen before file encryption. Victims are then pressured to pay a ransom both to decrypt their files and to prevent the release of their stolen data. In healthcare, 22% of attacks involved both data theft and encryption, down from 37% the previous year. However, the threat of data exposure remains a concern, with 95% of attacks targeting backup files to hinder recovery efforts.
The financial impact of these attacks has also escalated, with the average initial ransom demand in the healthcare sector reaching $4 million in 2024, up from an average of $1.82 million in 2023. Additionally, the median ransom payment increased from $1.5 million in 2023 to $4.4 million in 2024. Excluding the ransom payment, healthcare organizations reported an average of $2.57 million in recovery costs, further exacerbating the financial burden.
In response to the growing threat, healthcare organizations have emphasized backup strategies, with 73% of victims able to restore data from backups. However, in 66% of cases, the backups themselves were compromised, leaving victims with little choice but to pay the ransom. To combat these attacks, healthcare organizations have also sought assistance from law enforcement and government agencies, with 61% receiving help dealing with the incident, 59% receiving investigative support, and 41% receiving aid in recovering encrypted data.
The effects of these ransomware attacks extend far beyond the financial and operational disruptions faced by healthcare providers. The compromised availability of systems and data can have profound implications for patient care and public health. Delayed or interrupted access to medical records, diagnostic tools, and treatment protocols can put lives at risk and undermine the overall quality of healthcare delivery.
To combat the growing threat, healthcare organizations must prioritize strengthening their cybersecurity posture and overall resilience. This includes implementing access controls, regularly updating software and systems, conducting risk assessments, and investing in advanced threat detection and response capabilities. Fostering a culture of cybersecurity awareness and employee training can also mitigate the risk of successful attacks.
Addressing the ransomware crisis in healthcare will require a coordinated approach involving collaboration between healthcare providers, technology vendors, government agencies, and cybersecurity experts. Industry-wide initiatives, such as the development of standardized security frameworks and the sharing of threat intelligence, can help healthcare organizations stay one step ahead of evolving attack tactics.
Regulatory compliance and governance frameworks, such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States, can also strengthen the cybersecurity posture of healthcare organizations. Adherence to these guidelines can help ensure the implementation of security controls and the protection of sensitive patient data.
The healthcare industry must also embrace innovative security solutions, using emerging technologies like artificial intelligence, machine learning, and blockchain to enhance threat detection, incident response, and data protection capabilities. By staying at the forefront of cybersecurity advancements, healthcare organizations can better safeguard their infrastructure and maintain the trust of their patients.
Ransomware is malware that holds a victim's data hostage by encrypting it or restricting access to the system. The attackers then demand a ransom in exchange for the decryption key or the restoration of system access.
Experts recommend a multi-layered approach to ransomware defense, including people-focused initiatives, advanced processes, and the deployment of the latest security technologies. Proactive measures to prevent initial access and minimize attack surfaces are necessary in the fight against these threats.
Collaboration, information sharing, and the development of new defensive strategies will be fundamental in the ongoing battle against ransomware. Governments, security vendors, and organizations must work together to stay ahead of the constantly changing tactics employed by cybercriminal groups.