Ransomware Attacks Doubled In Healthcare In Last 2 Years


According to a new poll, nearly two-thirds (66%) of healthcare businesses faced a ransomware attack in 2021, nearly double the 34% in 2020.


That’s a 94% increase in a year, according to the latest analysis, sponsored by Sophos, which indicates that adversaries have become more competent and innovative in their efforts and have expanded their numbers.

More than 5,000 IT professionals were interviewed earlier this year for its study, The State of Ransomware in Healthcare 2022. Their responses reveal that they are dealing with a cyber threat that is rapidly rising in range and severity, as well as a rising level of resistance in the face of what has become a pervasive risk.

The methods used by cybercriminals are becoming increasingly inventive. The research cites, for instance, the quick growth of the ransomware-as-a-service model, which greatly extends the reach of ransomware by decreasing the skill level required to design and conduct an assault.

However, there are flashes of promise, such as the fact that healthcare, with a 61% encryption rate, did better than the world average of 65%. In addition, a growing number of healthcare businesses are purchasing cyber insurance plans, requiring them to invest in increasingly powerful cybersecurity defences.

However, the healthcare industry faces significant challenges in the long run. Sophos researchers said that the rise in effective ransomware attacks is part of a more problematic broader threat environment that has disproportionately harmed healthcare. Healthcare had the biggest growth in both the volume and complexity of cyber attacks, at 69% and 67%, respectively, compared with cross-sector averages of 57% and 59%. In terms of the effect of these cyber attacks, healthcare was the second most affected sector at 59%, compared to a global average of 53%.


Institutions like the HHS’ Health Sector Cybersecurity Coordination Center warned earlier in June that ransomware groups are becoming exceptionally active.

At the very least, this has jolted many hospital and other health system boards out of their lethargy, and many are now investing more resources in their cybersecurity and ransomware response skills. However, the hazards to hospital data, finances, and, most importantly, patient safety continue to rise. There are still debates about the amount and design of cyber insurance plans, as well as whether or not to settle ransoms.


In the midst of this near-normalization, healthcare companies have gotten much better at dealing with the fallout of an attack: nearly everyone now receives some encrypted information back, and three-quarters are able to restore data utilising backups, Sophos researchers wrote in a recent analysis.

Many healthcare businesses are opting for cyber insurance to mitigate the economic risk involved with such breaches, they noted. It gives consumers peace of mind to know that in almost all circumstances, insurance will cover some of the costs. However, obtaining coverage is becoming more difficult for businesses. This has prompted practically every healthcare firm to upgrade their cyber defences in order to improve their cyber insurance status.