Ransomware attacks on healthcare organizations increased by 94% year over year, according to the 2022 State of Ransomware Report from cybersecurity firm Sophos. The report is based on a global survey of 5,600 IT professionals and included interviews with 381 healthcare IT professionals from 31 countries. This year’s report focused on the rapidly evolving relationship between ransomware and cyber insurance in healthcare.
66% of surveyed healthcare organizations said they had experienced a ransomware attack in 2021, up from 34% in 2020 and the volume of attacks increased by 69%, which was the highest of all industry sectors. Healthcare had the second-highest increase (59%) in the impact of ransomware attacks.
According to the report, the number of healthcare organizations that paid the ransom has doubled year over year. In 2021, 61% of healthcare organizations that suffered a ransomware attack paid the ransom – The highest percentage of any industry sector. The global average was 46%, which is almost twice the percentage of the previous year.
Paying the ransom may help healthcare organizations recover from ransomware attacks more quickly, but there is no guarantee that paying the ransom will prevent data loss. On average, after paying the ransom, healthcare organizations were only able to recover 65% of encrypted data, down from 69% in 2020. In 2020, 8% of healthcare organizations recovered all of their data after paying the ransom. That figure fell to just 2% in 2021.
While the healthcare industry had the highest percentage of victims paying the ransom for the decryption keys and to prevent the exposure of sensitive data, healthcare had the lowest average ransom amount of $197,000. The global average across all industry sectors was $812,000. The ransom cost was lower in healthcare, but the overall cost of recovery was second-highest, with the total cost of a ransomware attack $1.85 million, which is considerably higher than the global average of $1.4 million.
Even though there is a high risk of suffering a costly ransomware attack, there are relatively low levels of cyber insurance coverage in healthcare. Across all industry sectors, 83% of organizations had cyber insurance. Only 78% of surveyed healthcare organizations said they had a cyber insurance policy. Many cyber insurance providers stipulate that certain baseline security measures must be implemented in order to take out insurance policies, and the level of maturity of cybersecurity programs can have a big impact on the cost of insurance. 97% of healthcare organizations said they had upgraded their cybersecurity defenses to improve their cyber insurance position.
97% of healthcare organizations that had cyber insurance that covered ransomware attacks said the policy paid out, with 47% saying the entire ransom payment was covered by their cyber insurance provider; however, obtaining cyber insurance to cover ransomware attacks is getting much harder due to the extent to which the healthcare industry is being targeted.