Guarding Patient Data: Key Takeaways from the Sophos State of Ransomware in Healthcare 2023 Study

The healthcare industry handles large volumes of sensitive patient data, which makes it a prime target for cyberattacks. Successful encryptions are up even though the rate of attacks is down. The recently published Sophos State of Ransomware in Healthcare 2023 report examines how often attacks occur, identifies their root causes, and sets out the costs associated with data recovery.

November 20, 2023 | Author: Alan Strakey

Over time, as healthcare providers have focused on improving patient care and embraced new technologies and medical devices, the number of interconnected devices on their networks has grown significantly. Unfortunately, this technology transformation has also widened the attack surface. The very technology that helps patients is making healthcare organizations more vulnerable to ransomware attacks.

That is the finding of the annual State of Ransomware in Healthcare 2023 study conducted by Sophos. It sheds light on the common root causes behind these attacks and highlights how ransomware affects healthcare organizations' overall operations. It also explores the consequences organizations face when deciding whether to pay a ransom for data recovery or to rely on backups.

 

Rate of Attacks is Down, Success Rates Are Up

The good news: the percentage of healthcare organizations hit by ransomware decreased from 66% to 60% year over year. The bad news is that the rate at which attackers succeeded in encrypting data has risen to its highest point in the past three years. In 2023, 73% of healthcare organizations reported having their data encrypted, compared with 15% in 2022 and 65% in 2021. This reflects the growing expertise of adversaries, who are constantly refining their techniques.

Notably, in more than one third (37%) of these attacks, data was both encrypted and stolen. This suggests that attackers are increasingly taking a "double dip" approach, threatening to publish the stolen data to put additional pressure on their victims.

 

Root Causes of Attacks: They’re Logging In or Breaking In

Compromised credentials were the most common root cause, accounting for the largest share of attacks (32%), followed by exploited vulnerabilities (29%). In healthcare organizations specifically, over a third (36%) of attacks started with email-based methods such as malicious emails or phishing attempts, which is higher than the cross-industry average of 30%.

One effective way to protect your customers against attackers who use compromised credentials to gain unauthorized access to the network is to implement and enforce robust, phishing-resistant multifactor authentication (MFA).

 

Positive Trends in Data Recovery and Ransom Payments

All of the healthcare organizations surveyed got their encrypted data back. The share that paid a ransom to recover data fell from 61% last year to 42% this year, and the use of backups for restoration rose slightly, from 72% last year to 73% in 2023.

Although fewer organizations are willing to pay, the ransoms actually paid have risen sharply. The median ransom payment made by healthcare organizations was $2.5M, up substantially from $30,000 in 2022.

 

Taking Effective Measures Against Ransomware

Ransomware remains a persistent threat that continues to evolve rapidly, becoming more sophisticated and more costly with each iteration. Sophos offers layered endpoint solutions, Managed Detection and Response (MDR), and incident response services designed to protect your customers at every stage of an attack.

For more insights on the current state of ransomware within the healthcare sector, you can download the complete report from Sophos.com.