Healthcare industry needs to expand anti-ransomware defenses 

Sheila Zabeu

June 01, 2022

Ransomware attacks on healthcare providers nearly doubled in 2021. According to Sophos “The State of Ransomware in Healthcare 2022” report, which surveyed 381 healthcare IT professionals in 31 countries, there has been a 94% increase in this type of attack – 66% of healthcare organizations were hit by ransomware last year versus 34% in 2020.

The upside of the survey is that the industry is coping better with the aftermath of ransomware attacks – 99% of healthcare organizations hit by ransomware recovered at least some of their data after it had been encrypted by the cybercriminals.

“Ransomware attacks in healthcare have subtle differences from other industries in terms of protection and recovery. Data used by healthcare organizations is extremely critical and valuable, which makes it very attractive to attackers. In addition, in order for healthcare professionals to provide proper care, they need to have efficient and widespread access to the data. This means that typical two-factor authentication and zero-trust defense tactics are not always feasible. This leaves healthcare organizations particularly vulnerable, and when hit, they may end up choosing to pay ransoms to keep patient data, which is often life-saving, accessible,” explains John Shier, Senior Security Specialist at Sophos. 

According to him, because of these particular factors, healthcare organizations need to expand their anti-ransomware defenses “by combining security technology with human-led threat hunting to defend against today’s advanced cyberattacks.”

The survey also revealed that healthcare organizations had the second highest average cost of recovery ($1.85 million), taking on average one week to recover from a ransomware attack. Although they pay the ransom more frequently (61%), they pay the lowest average amount ($197,000) compared to the global average of $812,000 (covering all industries assessed in the survey).

Source: Sophos


Of the organizations that paid the ransom, only 2% recovered all their data. In 61% of attacks the data was actually encrypted, 4 points below the global average (65%).

More healthcare organizations (78%) are opting for cyber insurance, but 93% of those with coverage report that it was more difficult to obtain last year. With ransomware attacks now the biggest driver of insurance claims, 51% reported that the cybersecurity requirements needed to qualify have become more demanding.

Source: Sophos

In light of the survey results, Sophos experts recommend a few practices, not just for healthcare organizations, but for everyone in any industry:

  • Install and maintain up-to-date defense systems throughout the organization. Review cybersecurity controls regularly to make sure they are meeting protection demands.

  • Strengthen the IT environment by seeking to close the main security gaps: unpatched devices, unprotected machines, and open Remote Desktop Protocol (RDP) ports.

  • Back up frequently and test whether data restoration is working properly so that you can get back to business as usual as quickly as possible in case of ransomware attacks, with minimal downtime.

  • Proactively look for potential threats so that you can act before the criminals do. If in-house staff do not have the time or expertise to do this, consider hiring Managed Detection and Response (MDR) specialists.

  • Prepare for the worst. Know what to do if a cyber incident occurs and keep your plan up to date.

The survey interviewed 5,600 IT professionals in all, including 381 healthcare professionals in mid-sized organizations (100 to 5,000 employees) in 31 countries.