HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

What are ransomware recovery costs? 

Written by Kirsten Peremore | Feb 12, 2025 2:44:36 PM

Ransomware recovery costs extend far beyond the ransom payment itself. On average, organizations can expect these costs to exceed $4 million, driven largely by downtime and disrupted operations on top of the ransom demand.


The average costs associated with ransomware recovery

Recent statistics show that the U.S. cost of recovery increased from $2.2 million to $2.5 million in 2024. These costs are driven by factors such as:

  • Downtime: the average downtime after a data breach can reach up to 26 days, often halting operations.
  • Data restoration: restoring data from backups or decrypting encrypted files can be substantial work.
  • Staff time: hours spent by IT personnel on recovery efforts add to the overall cost.
  • Infrastructure: repairing or replacing affected systems and networks adds further expense.


Is there value in cyber insurance?

Cyber insurance is a way for organizations to protect themselves financially from the costs of cyber incidents. Coverage can help a business carry the financial burden of an attack, but it also adds to a facility’s overall monthly expenses.

According to Economics of Cyber Security, “Some cyber‑insurance policy holders find that their insurance does not cover all the losses in case of a cyberattack. To take an example, in December 2013, Target faced a high‑profile security breach, which compromised 40 million credit and debit‑card accounts and 70 million customers’ personal data. Target had cyber‑insurance when it was hacked. However, it only covered the first US$100 million. Actual costs exceeded US$450 million.” Organizations that seek coverage only after discovering a breach may also find their options limited.


Strategies that can minimize ransomware risks

  1. Identity and access management policies such as the principle of least privilege ensure staff members can access only the resources needed for their work.
  2. Security information and event management (SIEM) alongside extended detection and response (XDR) tools assist security teams with threat detection and response.
  3. Organizations can follow the 3-2-1 rule for backups by keeping three copies of data on different storage types. For healthcare organizations, it is imperative that each storage option remains HIPAA compliant.
  4. Set up email filters to detect phishing attempts and activate spam filters. HIPAA compliant email solutions such as Paubox offer protection that organizations outside the healthcare sector can also benefit from.


FAQs

What are common methods used by attackers to spread ransomware in healthcare?

Common methods include phishing emails, drive-by downloads, infected removable media, cloud storage exploitation, and vulnerabilities in Remote Desktop Protocol (RDP) services.


How can network segmentation help mitigate ransomware attacks?

Network segmentation limits the spread of ransomware by dividing a network into isolated segments, so that a compromise in one segment cannot readily reach the others, which reduces the attack surface.


How should backups be stored securely against ransomware threats?

Backups should be stored on separate networks or on offline storage devices, and both the integrity of the backups and their isolation from the production network should be tested regularly.
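As an added example, not part of the original article, the following Python check puts the backup guidance from the strategies list and this FAQ into practice: it verifies every stored copy against a SHA-256 manifest recorded at backup time (so an encrypted or overwritten copy is caught before it is needed) and reports whether the set satisfies 3-2-1 (three copies, two media types, one off-site). The file names, media labels and sample export are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large backup archives are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_backup_set(manifest, copies):
    """manifest maps file name -> SHA-256 recorded when the backup was taken.
    copies is a list of {"path", "medium", "offsite"} describing each stored copy.
    Returns which copies fail verification and whether the set meets 3-2-1."""
    report = {"copies": len(copies),
              "media": len({c["medium"] for c in copies}),
              "offsite": sum(1 for c in copies if c["offsite"]),
              "corrupt": []}
    for c in copies:
        for name, expected in manifest.items():
            target = os.path.join(c["path"], name)
            # A missing file or a digest mismatch both mean this copy cannot be trusted
            if not os.path.isfile(target) or sha256_file(target) != expected:
                report["corrupt"].append((c["medium"], name))
    report["meets_3_2_1"] = (report["copies"] >= 3 and report["media"] >= 2
                             and report["offsite"] >= 1)
    return report


def demo():
    """Constructed sample: three copies of one export; the cloud copy is altered after the fact."""
    root = tempfile.mkdtemp()
    data = b"patient_id,visit_date\n1001,2025-01-15\n"  # constructed, not real PHI
    copies = []
    for medium, offsite in (("disk", False), ("tape", False), ("cloud", True)):
        d = os.path.join(root, medium)
        os.makedirs(d)
        with open(os.path.join(d, "export.csv"), "wb") as f:
            f.write(data)
        copies.append({"path": d, "medium": medium, "offsite": offsite})
    manifest = {"export.csv": hashlib.sha256(data).hexdigest()}
    # Simulate a copy that was encrypted or overwritten: it no longer matches the manifest
    with open(os.path.join(root, "cloud", "export.csv"), "wb") as f:
        f.write(b"\x00garbage")
    return check_backup_set(manifest, copies)
```

The manifest should itself live on the isolated or offline medium, since a manifest stored on the production network can be altered along with the data it describes.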