94% increase in ransomware attacks on healthcare organizations

Ransomware in the healthcare industry was a major problem in most countries in 2021. While most cyber criminals would normally not mess with healthcare infrastructure, healthcare data was still very much in high demand on the dark web.

In Southeast Asia, several healthcare institutions suffered major ransomware and data breach incidents involving patient data in 2021. Some of the incidents involved data being accessed from third-party service providers working with the healthcare organization.

In fact, a new sectoral survey report by Sophos, titled The State of Ransomware in Healthcare 2022, revealed a 94% increase in ransomware attacks on the organizations surveyed in this sector. In 2021, 66% of healthcare organizations were hit, compared to just 34% that were hit the previous year.

Interestingly, the survey data also showed that healthcare organizations are getting better at dealing with the aftermath of ransomware attacks: 99% of those healthcare organizations hit by ransomware got at least some of their data back after cybercriminals encrypted it during the attacks.

In 2021, healthcare organizations also had the second-highest average ransomware recovery costs, at US$1.85 million, and took one week on average to recover from an attack. Based on their experience of how cyberattacks changed over the last year, 67% of healthcare organizations think cyberattacks are more complex; the healthcare sector had the highest percentage.

While healthcare organizations pay the ransom most often (61%), they’re paying the lowest average ransoms, US$197,000, compared with the global average of US$812,000 (across all sectors in the survey). Of those organizations that paid the ransom, only 2% got all their data back. 61% of attacks also resulted in encryption, 4% less than the global average (65%).

For John Shier, senior security expert at Sophos, ransomware in the healthcare space is more nuanced than other industries in terms of both protection and recovery. The data that healthcare organizations harness is extremely sensitive and valuable, which makes it very attractive to attackers.

“In addition, the need for efficient and widespread access to this type of data – so that healthcare professionals can provide proper care – means that typical two-factor authentication and zero trust defense tactics aren’t always feasible. This leaves healthcare organizations particularly vulnerable, and when hit, they may opt to pay a ransom to keep pertinent, often lifesaving, patient data accessible. Due to these unique factors, healthcare organizations need to expand their anti-ransomware defenses by combining security technology with human-led threat hunting to defend against today’s advanced cyber attackers,” commented Shier.

While more healthcare organizations (78%) are now opting for cyber insurance, 93% of healthcare organizations with insurance coverage report finding it more difficult to get policy coverage in the last year. With ransomware being the single largest driver of insurance claims, 51% reported that the level of cybersecurity needed to qualify is higher, putting a strain on healthcare organizations with lower budgets and fewer technical resources available.

As such, Sophos experts recommend the following best practices for all organizations across all sectors. These include installing and maintaining high-quality defenses across all points in the organization’s environment. Organizations should also review security controls regularly and make sure they continue to meet the organization’s needs.

Apart from that, organizations should harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open Remote Desktop Protocol ports. Extended Detection and Response (XDR) solutions are ideal for helping to close these gaps. As always, they should also make backups, and practice restoring from them so that the organization can get back up and running as soon as possible, with minimum disruption.