According to the global cybersecurity firm Sophos in its report titled “State of Ransomware in Healthcare 2024,” two-thirds of healthcare organizations encountered ransomware attacks over the past year.
This represents an increase from 60 percent in 2023, marking the highest incidence rate seen in the last four years.
The report indicated that while ransomware incidents had decreased in other industries, the healthcare sector continued to experience escalating cyber threats, emphasizing its susceptibility due to the sensitive nature of healthcare information and services.
It highlighted that the rising number of ransomware attacks on healthcare facilities stood in contrast to the overall decline in ransomware incidents across different sectors.
Furthermore, the report mentioned that the overall ransomware attack rate decreased from 66 percent in 2023 to 59 percent in 2024.
In addition to a rise in ransomware incidents, the healthcare sector reported significantly longer recovery periods, according to the findings.
Sophos noted that only 22 percent of those affected by ransomware were able to fully recover within a week or less, a sharp decline from 47 percent in 2023 and 54 percent in 2022.
Moreover, the report indicated that 37 percent took over a month to recover, rising from 28 percent in the previous year, showcasing the increased severity and complexity of such attacks.
John Shier, the Field Chief Technology Officer at Sophos, commented, “While we’ve seen the rate of ransomware attacks reach a kind of ‘homeostasis’ or even decline across industries, attacks against healthcare organisations continue to intensify, both in number and scope. The highly sensitive nature of healthcare information and the need for accessibility will always place a bullseye on the healthcare industry from cyber criminals.
“Unfortunately, cybercriminals have learned that few healthcare organizations are prepared to respond to these attacks, demonstrated by increasingly longer recovery times. These attacks can have immense ripple effects, as we’ve seen this year with major ransomware attacks impacting the healthcare industry and impacting patient care.”
He suggested that to effectively tackle these persistent threats, healthcare organizations need to adopt a more proactive, human-centered strategy for threat detection and response, integrating advanced technology with ongoing monitoring to outpace attackers.
The latest report from Sophos, which examined real-world experiences with ransomware, detailed the victim journey encompassing attack rates, root causes, operational impacts, and business outcomes for 402 healthcare organizations.
The results for this sector-specific survey were part of a larger vendor-neutral study involving 5,000 cybersecurity and IT leaders conducted from January to February 2024 across 14 countries and 15 different industries.
