A new Sophos report reveals that ransomware attacks on healthcare organizations have surged to their highest levels in four years, with 67% of institutions affected in 2024. The report also highlights longer recovery times and rising costs, with the average recovery expense reaching $2.57 million this year.
7 October 2024 – Sophos, a global cybersecurity leader, has released its latest report, The State of Ransomware in Healthcare 2024, revealing that ransomware attacks against healthcare organizations have reached their highest levels in four years. According to the survey, 67% of healthcare institutions were impacted by ransomware in 2024, a significant increase from 60% in 2023. This spike is in stark contrast to the general decline in ransomware attacks across other sectors, which saw a decrease from 66% in 2023 to 59% in 2024.
The report also highlighted alarming trends in recovery times for healthcare organizations. Only 22% of affected institutions were able to recover within a week, down sharply from 47% in 2023. More concerning, 37% of organizations required over a month to restore their systems, further emphasizing the growing complexity and severity of these attacks.
John Shier, Field CTO at Sophos, emphasized the unique vulnerabilities faced by the healthcare sector. “While ransomware rates may be stabilizing or even declining in other industries, healthcare remains a prime target due to the sensitive nature of its data and the critical need for accessibility. Unfortunately, many healthcare organizations are still ill-prepared, leading to extended recovery times that can disrupt patient care.”
Other significant findings from the report include a surge in recovery costs, with the average healthcare organization spending $2.57 million in 2024 to recover from an attack, up from $2.2 million the previous year. Notably, 57% of institutions that paid a ransom ended up paying more than the initial demand.
The root causes of these attacks were largely attributed to compromised credentials and exploited vulnerabilities, each accounting for 34% of attacks. In addition, 95% of healthcare organizations that experienced ransomware attacks reported that cybercriminals attempted to compromise their backups. Organizations whose backups were compromised were more than twice as likely to pay a ransom to recover their data.
The survey also revealed that insurance providers played a significant role in facilitating ransom payments, contributing to 77% of all ransom payments, with 19% of total payments coming directly from insurers.
Sophos’ report provides insights into the broader ransomware landscape, based on a survey of 5,000 IT and cybersecurity professionals across 14 countries and 15 industries, including 402 healthcare organizations. The findings underscore the need for healthcare organizations to adopt proactive, technology-driven approaches to bolster their defenses and reduce recovery times in the event of an attack.
