The ransoms were lower than the global average, and 99% of respondents had received some of the encrypted data released

Based on a “vendor-agnostic survey” of 381 IT professionals in healthcare (among a total of 5,600 IT professionals in various sectors in organizations with 100 to 5,000 employees) across 31 countries from January to February 2022, a cybersecurity firm has concluded that ransomware attacks on the surveyed healthcare organizations had increased by 94% from 2020 to 2021 (i.e., from 34% in 2020 to 66% in 2021).

Data analyzed had also showed that 99% of respondents from healthcare organizations hit by ransomware in 2021 had received “at least some their data back” after cybercriminals had encrypted it during the attacks.

Additional findings for the healthcare sector data analyzed include:

  • Healthcare organizations surveyed had the second-highest average ransomware recovery costs with US$1.85m, taking one week on average to recover from an attack 
  • 67% of healthcare organizations in the survey thought cyberattacks were more complex, based on respondents’ experiences of how the nature of cyberattacks had changed over that in 2020
  • 61% of healthcare organizations that had suffered attacks paid ransoms, compared to the average of 46% in other sectors. The healthcare sector respondents had paid the lowest average ransoms (US$197,000) compared with the global average of US$812,000 (across all sectors in the survey)
  • Of those organizations in the survey that had suffered attacks and had paid the ransom, 2% got all their data back 

According to John Shier, Senior Security Expert, Sophos, which commissioned the survey: “The data that healthcare organizations harness is extremely sensitive and valuable, which makes it very attractive to attackers. In addition, the need for efficient and widespread access to this type of data, typical two-factor authentication and zero trust defense tactics aren’t always feasible. This leaves healthcare organizations particularly vulnerable, and when hit, they may opt to pay a ransom to keep pertinent patient data accessible.”