MANILA, Philippines – British cybersecurity firm Sophos on Monday, June 6, reported that ransomware attacks on health organizations have increased by 94% from 2020 to 2021, with 34% of organizations surveyed reporting an attack in 2020, and 66% reporting the same in 2021.
Healthcare organizations and hospitals are known to be prime targets of ransomware attackers due to the sensitivity of the data involved, and the urgency with which patients need to regain access to their data in order to receive the health service needed.
In 2017, one of the biggest ransomware attacks, known as “WannaCry,” took the UK’s National Health Service hostage, forcing major disruptions to patient care. That trend has only grown, according to Sophos’ survey of 5,600 IT professionals in mid-sized organizations, including 381 healthcare respondents, across 31 countries, conducted in January and February 2022.
Sophos said that the rise in attacks has demonstrated that threats have become “more capable at executing the most significant attacks at scale,” which could partially be attributed to the rise and “growing success” of the ransomware-as-a-service model.
Ransomware-as-a-service allows threat actors to pay those with ransomware expertise and tools to conduct an attack.
The firm also noted, “Healthcare saw the highest increase in volume of cyber attacks (69%) as well as the complexity of cyber attacks (67%) compared to the cross-sector average of 57% and 59% respectively.”
Healthcare organizations also had the second-highest average ransomware recovery or remediation costs at $1.85 million, taking one week on average to recover from an attack. Those who pay the ransom instead pay $197,000 on average, which is lower than the cross-sector average of $812,000. Healthcare organizations pay the ransom most often at 61%, because, as Sophos noted, the remediation costs are often much more expensive than merely paying the ransom.
“The data that healthcare organizations harness is extremely sensitive and valuable, which makes it very attractive to attackers. In addition, the need for efficient and widespread access to this type of data – so that healthcare professionals can provide proper care – means that typical two-factor authentication and zero trust defense tactics aren’t always feasible.
“This leaves healthcare organizations particularly vulnerable, and when hit, they may opt to pay a ransom to keep pertinent, often lifesaving, patient data accessible. Due to these unique factors, healthcare organizations need to expand their anti-ransomware defenses by combining security technology with human-led threat hunting to defend against today’s advanced cyberattackers,” said John Shier, senior security expert at Sophos. – Rappler.com