Ransomware affected 67% of healthcare organisations in 2024, as compared to 60% of enterprises in 2023, according to ‘The State of Ransomware in Healthcare 2024 report’ by Sophos.
The rate of ransomware attacks in the healthcare industry this year was nearly twice as high as the 34% reported by the industry in 2021.
The Sophos report explores the journey of affected healthcare enterprises, including attack rate, causes, impact on operations and business outcomes, along with ransom demands vs. payments.
Attack Rates And Recovery Costs Have Risen
Ninety-five percent of healthcare organisations that experienced ransomware attacks in the past year reported that during the attack, cybercriminals tried to access their backups. Sixty-six percent of the attempts were successful, one of the highest rates of backup compromises. Only the energy, oil/gas and utilities (79%) and education (71%) sectors reported higher rates.
Data encryption was the outcome of 74% of ransomware attacks on healthcare organisations, which is nearly equal to the 73% encryption rate recorded in 2023. Extortion-only attacks were reported by the sector to have decreased, with only one respondent reporting such an attack, down from 4% in the 2023 study.
For healthcare organisations, the average cost to recover from a ransomware attack was $2.57 million in 2024, up from $2.20 million in 2023.
Devices Impacted
Healthcare companies experienced ransomware attacks on an average of 58% of their computers, which is higher than the cross-sector average of 49%. It was uncommon to have the entire environment encrypted. Only 7% organisations reported that at least 91% of their devices were affected.
Rising Propensity To Pay Ransom
More than half (53%) of the healthcare organisations paid the ransom to get their encrypted data back, while 73% of them restored the data using backups. Comparatively, 68% of organisations worldwide used backups, and 56% paid the ransom.
The use of backups in the healthcare industry has not changed much over the past three years (73% in 2023; 72% in 2022). However, the inclination of healthcare organisations to pay ransom has significantly increased in the past year (42% in 2023), although it is still less than the 61% recorded in 2022.
In the past year, there has been a rise in victims’ inclination to employ multiple strategies (such as paying the ransom and using backups) in order to recover encrypted data. The current study found that 52% of healthcare organisations with encrypted data reported using multiple methods, which is three times higher than the rate of 17% reported in 2023.
Organisations Ended Up Paying Higher Than Ransom Initially Demanded
Only 15% of the organisations paid the ransom initially demanded. Around 57% paid more, while 28% paid less than the initial demand. Healthcare respondents, on average, paid 111% of the first ransom that the adversaries demanded.
The actual amount paid was disclosed by 99 healthcare respondents whose organisations had paid the ransom, and the median payment in 2024 was $1.5 million.