Organisations in the healthcare sector saw a significant bump in cyber criminality as attackers successfully encrypted data in nearly 75 percent of ransomware attacks in 2023, according to the latest Sophos report on the sector.
The State of Ransomware in Healthcare 2023 report notes that this is the highest rate of encryption in the past three years and a significant increase from the 61 percent of healthcare organisations that reported having their data encrypted last year.
The report also shows that the majority of healthcare companies are not prepared to counter an attack. In 2023, only 24 percent of organisations were able to disrupt a ransomware attack before the attackers encrypted their data compared to 34 percent in 2022. This represents the lowest rate of disruption reported by the sector over the past three years.
But Chester Wisniewski, director, field CTO, Sophos, says the percentage of organisations that successfully stop an attack before encryption is a strong indicator of security maturity.
“For the healthcare sector, however, this number is quite low – only 24 percent. What’s more, this number is declining, which suggests the sector is actively losing ground against cyber attackers and is increasingly unable to detect and stop an attack in progress,” said Wisniewski.
Wisniewski highlights two problems: the growing sophistication of attacks and attackers speeding up their attack timelines.
“In the latest Active Adversary Report for Tech Leaders, we found that the median time from the start of a ransomware attack to detection was only five days. We also found that 90 percent of ransomware attacks took place after regular business hours. The ransomware threat has simply become too complex for most companies to go at it alone. All organisations, especially those in healthcare, need to modernise their defensive approach to cybercrime, moving from being solely preventive to actively monitoring and investigating alerts 24/7 and securing outside help in the form of services like managed detection and response (MDR),” Wisniewski said.
Other highlights of the report include the sad reality that healthcare organisations are slower to recover from an attack. Only 47 percent were able to recover in a week compared to 54 percent last year. However, the overall number of ransomware attacks against healthcare organisations surveyed declined from 66 percent in 2022 to 60 percent this year.
A root cause of the ransomware attacks against healthcare organisations was compromised credentials followed by exploits. The proportion of organisations surveyed that paid a ransom declined from 61 percent last year to 42 percent this year, which is below the cross-sector average of 46 percent.
“Cyberspace today is ripe with technically sophisticated actors looking for vulnerabilities to exploit. What all this translates to is a multidimensional cyber threat of actors who have the tools to paralyse entire hospitals. Partnering with the private sector is critical to our mission. The information (they) share has real-world impacts and can save real businesses and real lives,” said Christopher Wray, FBI Director.