The State of Ransomware in Healthcare 2023
Ransomeware in Healthcare findings from the SOPHOS independent, vendor-agnostic survey of 3,000 leaders responsible for IT / Cybersecurity across 14 countries, including 233 from the healthcare sector, conducted in January 2023 – March 2023.
About the Survey
Sophos commissioned an independent, vendor-agnostic survey of 3,000 IT/cybersecurity leaders in organisations with between 100 and 5,000 employees, including 233 in healthcare organisations. Although this is an American based study it is important for UK businesses to be aware of the threats that are likely to travel across seas.
- 3,000 respondents
- 233 healthcare respondents
- 14 countries
- 100-5,000 employees
- <$10m – $5b+ annual revenue
- January – March 2023 research conducted
Rate of Ransomware Attacks in Healthcare
Despite the downward trend in healthcare, the 2023 report’s rate of attacks is still almost double the rate reported in 2021.
Almost two-thirds of healthcare organisations were hit in the last year, which demonstrates how adversaries were able to execute attacks at a consistent scale, making ransomware arguably the biggest cyber risk facing the healthcare sector today. In both Sophos’s 2022 and 2023 surveys, 66% of all respondents reported that their organisation had been hit by ransomware in the previous year.
Root Causes of Ransomware Attacks in Healthcare
Compromised credentials (32%) were the most common root cause of the most significant ransomware attacks in the healthcare sector, followed by exploited vulnerabilities (29%).
Email-based attacks (malicious emails or phishing) in healthcare organisations were reported higher than the cross-sector average of 30%. For those in the healthcare industry, it’s more important than ever to ensure that you have the best endpoint protection available, something that the CSG team can help you with.
At a global, cross-sector level, the order of the top two root causes switches, focusing from exploited vulnerabilities being the most common root cause (used in 36% of attacks) to compromised credentials (behind 29% of attacks).
Rate of Data Encryption in Healthcare
The rate of data encryption in the healthcare sector was the highest in the last three years of reports, with almost three-quarters of healthcare organisations (73%) reporting that their data was encrypted, up from 61% in the 2022 report and 65% in the 2021 report. The rate of extortion-only attacks in healthcare remained flat at 4%, below the 7% reported in our 2021 study.
While high, the rate of data encryption reported by healthcare is below the cross- sector average, where 76% of attacks resulted in data encryption. The highest frequency of data encryption (92%) was reported by business and professional services.
In more than one-third of the attacks in healthcare (37%) where data was encrypted, the data was also stolen. This “double dip” approach by adversaries is becoming more commonplace as they look to increase their ability to monetize attacks. The threat of making stolen data public can be used to extort payments and the data can also be sold. The high frequency of data theft increases the importance of stopping attacks as early as possible before information can be exfiltrated.
Ransom Payments
At a global, cross-sector level, while the overall propensity to pay the ransom remains level with last year’s study, the payments themselves have increased considerably, with the average (mean) ransom payment almost doubling from $812,360 to $1,542,330 year over year. The median ransom payment increased from $76,500 to $400,000 year over year.
In the case of healthcare, 12 healthcare organizations shared the exact ransom amounts paid, with the median coming in at $2.5M, up from $30,000 in 2022.
Nine healthcare organizations reported paying ransoms of $1M or more, and only one paid less than $100,000. While the low base number means the 2023 report’s data is not statistically significant, and so should be used with caution, the findings do indicate that ransom payments in healthcare are increasing.
Contact us today to get your Ransomware in Healthcare full analysis.