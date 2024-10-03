Emma Okonji

Sophos, a global leader of innovative security solutions for defeating cyberattacks, has released a sector survey report, tagged: ‘The State of Ransomware in Healthcare 2024’, which revealed that the global rate of ransomware attacks against healthcare organisations has reached a four-year high since 2021.

According to the report, of those organisations surveyed, two-thirds (67 per cent) were impacted by ransomware attacks in the past year, up from 60 per cent in 2023. The rising rate of ransomware attacks against healthcare institutions contrasts with the declining rate of ransomware attacks across sectors, as the overall rate of ransomware attacks fell from 66 per cent in 2023 to 59 per cent in 2024.

Alongside an increase in the rate of ransomware attacks, the healthcare sector reported increasingly longer recovery times. Only 22 per cent of ransomware victims fully recovered in a week or less, a considerable drop from the 47 per cent reported in 2023 and 54 per cent in 2022. In addition, 37 per cent took more than a month to recover, up from 28 per cent in 2023, reflecting the increased severity and complexity of attacks, the report further said.

Analysing the report, Field CTO at Sophos, John Shier, said: “While we’ve seen the rate of ransomware attacks reach a kind of ‘homeostasis’ or even declining across industries, attacks against healthcare organisations continue to intensify, both in number and scope. The highly sensitive nature of healthcare information and need for accessibility will always place a bullseye on the healthcare industry from cybercriminals. Unfortunately, cybercriminals have learned that few healthcare organisations are prepared to respond to these attacks, demonstrated by increasingly longer recovery times. These attacks can have immense ripple effects, as we have seen this year with major ransomware attacks impacting the healthcare industry and impacting patient care.”

To combat these determined adversaries, healthcare organisations must adopt a more proactive, human-led approach to threat detection and response, combining advanced technology with continuous monitoring to stay ahead of attackers, the report further said, adding that compromised credentials and exploited vulnerabilities are the root causes of attack, each accounting for 34 per cent of attacks.

The latest Sophos report on real-world ransomware experiences explores the full victim journey, from attack rate and root cause to operational impact and business outcomes, of 402 healthcare organisations. The results for this sector survey report are part of a broader, vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024 across 14 countries and 15 industry sectors.