Ransomware hit 67% of healthcare organizations this year—more than half paid up
A new survey of 400 healthcare entities revealed 67% of them have been hit by a ransomware attack in the last year, signaling an increase in cybercrime targeting hospitals, health systems, government organizations and clinics.
According to data released last week from cybersecurity firm Sophos, in 2024 ransomware incidents targeting healthcare have increased since last year, when 60% of organizations reported being attacked. To complicate things further, recovery times have also increased. Where 47% of respondents in 2023 said they were able to recover in a week, that number has fallen to 22%.
Of the survey respondents whose systems were partially or fully breached by ransomware, 40% said complete recovery took more than a month.
Attacks are efficient—and profitable
In terms of how far ransomware spreads, its able to conquer an average of 60% of computer systems at any healthcare entity that falls victim. Additionally, nearly all respondents (95%) also said hackers attempted to access data backups—for 66% of them, the hackers were successful.
As for what the ransomers demanded once an organization’s data was encrypted—it was money, typically an amount in the millions of dollars.
“Across the 155 healthcare organizations that had their data encrypted and were able to share the attackers' initial ransom demand, the average ask was $4 million (median), the second highest across sectors after central/federal government organizations, and the average mean was $4.9 million,” the report from Sophos stated.
The report also noted the average ransom demand seems to be increasing: “One of the most notable findings in this year’s study is that 65% of ransom demands in healthcare organizations are for $1 million or more, with 35% of demands for $5 million or more.”
More than half of victims (53%) end up paying the ransom, but in any case, backups are usually required to fully restore systems. Of victimized respondents, 73% said they relied on their backup data to get back up and running.
Healthcare the prime target
Other industries report fewer ransomware attacks year over year, making healthcare the primary target, likely due to the sensitive and valuable nature of patient data vs. data in consumer, tech and other sectors.
Oddly, higher education was the sector most likely to pay a ransom. Healthcare came in second place, with the report adding that only 15% of such entities paid the initial ransom—but once they refused, 57% ended up paying more.
The full report from Sophos is available here.