Ransomware hit 67% of healthcare organizations this year—more than half paid up

A new survey of 400 healthcare entities revealed 67% of them have been hit by a ransomware attack in the last year, signaling an increase in cybercrime targeting hospitals, health systems, government organizations and clinics. 

According to data released last week by cybersecurity firm Sophos, ransomware incidents targeting healthcare increased in 2024 compared with last year, when 60% of organizations reported being attacked. To complicate things further, recovery times have also lengthened. Where 47% of respondents in 2023 said they were able to recover within a week, that figure has fallen to 22%.

Of the survey respondents whose systems were partially or fully breached by ransomware, 40% said complete recovery took more than a month. 

Attacks are efficient—and profitable

In terms of how far ransomware spreads, it's able to compromise an average of 60% of the computer systems at any healthcare entity that falls victim. Additionally, nearly all respondents (95%) said attackers also attempted to access their data backups, and for 66% of them, the attackers were successful. 

As for what the attackers demanded once an organization's data was encrypted, the answer was money, typically in the millions of dollars. 

“Across the 155 healthcare organizations that had their data encrypted and were able to share the attackers' initial ransom demand, the average ask was $4 million (median), the second highest across sectors after central/federal government organizations, and the average mean was $4.9 million,” the report from Sophos stated. 

The report also noted the average ransom demand seems to be increasing: “One of the most notable findings in this year’s study is that 65% of ransom demands in healthcare organizations are for $1 million or more, with 35% of demands for $5 million or more.”

More than half of victims (53%) end up paying the ransom, but in either case backups are usually required to fully restore systems. Of victimized respondents, 73% said they relied on their backup data to get back up and running. 

Healthcare the prime target

Other industries report fewer ransomware attacks year over year, making healthcare the primary target, likely due to the sensitive and valuable nature of patient data vs. data in consumer, tech and other sectors. 

Oddly, higher education was the sector most likely to pay a ransom. Healthcare came in second, with the report adding that only 15% of healthcare entities paid the initial ransom demand as asked, while 57% of those that refused the initial demand ended up paying more. 

The full report from Sophos is available here.

Chad Van Alstin, Health Imaging / Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.
