Survey: Most health organizations hit by ransomware had their data encrypted

A third of healthcare organizations reported being victims of a ransomware attack in 2020, according to the results of a global survey. Of these, a majority (65%) said their data was encrypted by cybercriminals in the most significant attack they faced.

In 2020, 34% of healthcare organizations worldwide were hit by a ransomware attack, of which 65% said the cybercriminals succeeded in encrypting their data in the most significant attack, according to a new report.

Released by cybersecurity solutions provider Sophos, the report includes the results of a survey that polled 5,400 IT decision-makers across 30 countries in January and February. Of the 5,400 respondents, 328 worked in healthcare.

Among the 65% who said cybercriminals succeeded in encrypting their data, 34% of respondents admitted to paying the ransom to get their data back. The average ransom payment is about $131,304. But only about 69% of the encrypted data was restored after the ransom was paid.

The rate of ransom payment may be due to the inability of healthcare organizations to restore their data from backups. Globally, just 44% of organizations were able to use backups to restore their data, according to the report.

Restoring data is not the only key challenge following a ransomware attack. Managing the cost is another, with the total recovery cost averaging $1.27 million for healthcare organizations.

Looking ahead, almost two-thirds of healthcare respondents (63%) — who reported that they hadn’t experienced a ransomware attack in the last year — expect to be hit in the future.

More than half of these respondents (57%) believe they will be ransomware attack victims because other organizations in the healthcare sector have been targeted. In addition, 55% of respondents said that ransomware attacks are getting increasingly hard to stop due to their sophistication and 39% said they are already experiencing an increase in attempted ransomware attacks.

Among the 79 healthcare respondents whose organizations were not hit by ransomware last year and who do not expect to be hit in the future, 65% said they have trained IT security staff who can stop these attacks and 54% said they have anti-ransomware technology.

Further, 42% said that they have cybersecurity insurance, which they believe will protect them from experiencing ransomware attacks in the future. But this is a misconception: insurance can help organizations deal with the aftermath of an attack, but it can’t help prevent an attack, the report authors wrote.

But most healthcare organizations are not placing their faith in cybersecurity insurance alone. About 89% said they have a malware incident recovery plan in place. About half (49%) have a full and detailed plan and 40% have a partially developed plan.

“The best way to stop a cyberattack from turning into a full breach is to prepare in advance,” the authors wrote. “Organizations that fall victim to an attack often realize they could have avoided a lot of cost, pain, and disruption if they had an incident response plan in place.”
