Ransomware attacks are devastating healthcare - and things are only getting worse

ID theft
Image credit: Pixabay (Image credit: Future)

Healthcare organizations are losing the battle against ransomware actors, as their results in the fight are getting worse by the year, according to “The State of Ransomware in Healthcare 2023”, a new report by cybersecurity experts Sophos.

Based on a survey of 3,000 IT and cybersecurity leaders in organizations - 233 of which are in healthcare, the report found hackers managed to successfully encrypt data in almost 75% of ransomware attacks over the past year. 

Not only is this the highest rate of encryption in the past three years, but it’s also a significant increase from last year when 61% of respondents said the same.

More stolen files

Equally concerning was that only a quarter (24%) managed to disrupt the attack before the encryption was complete, a 10% drop from last year. What's more, this is also the lowest rate of disruption in the sector for the past three years.

For Chester Wisniewski, Field CTO Director at Sophos, these dwindling numbers are a strong indicator that the sector is “actively losing ground against cyberattackers and is increasingly unable to detect and stop an attack in progress.”

In other words, hackers are growing more sophisticated by the day and the healthcare industry can’t keep up. 

Furthermore, in more than a third (37%) of ransomware attacks where data was successfully encrypted, it was also stolen, which has also increased year-on-year. At the same time, healthcare organizations are taking longer to recover, as 47% managed to get back to their feet in a week (down from 54% a year ago).

The silver lining in this report is that there were somewhat fewer attacks this year - 60% compared to 66% last year. Also, the number of healthcare firms that paid the ransom demand dropped from 61% to 42% year-on-year - this now places the industry below the cross-sector average of 46%.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.