Ransomware Epidemic: Healthcare Under Siege as Attacks Soar

Nearly 80% of Organizations Hit by Ransomware Took More than a Week to Recover

Sophos, a global leader in cybersecurity, has released its latest sector survey report, “The State of Ransomware in Healthcare 2024,” revealing a troubling rise in ransomware attacks on healthcare organizations. According to the report, 67% of surveyed healthcare institutions were hit by ransomware in the past year, marking a four-year high and a significant increase from 60% in 2023. This spike contrasts sharply with a decline in ransomware attacks across other sectors, where the overall rate dropped from 66% in 2023 to 59% in 2024.

The report also highlights the growing challenge of recovery in the healthcare sector. Only 22% of affected organizations were able to fully recover within a week, a sharp decline from 47% in 2023 and 54% in 2022. Meanwhile, 37% of organizations reported recovery times exceeding a month, up from 28% last year, indicating that attacks are becoming more severe and complex.

“While ransomware attacks are stabilizing or even declining in other industries, the healthcare sector is facing an escalating threat in both frequency and impact,” said John Shier, Field CTO at Sophos. “The sensitive nature of healthcare data and the critical need for accessibility make the industry a prime target for cybercriminals. Unfortunately, many healthcare organizations remain unprepared, as evidenced by the increasing recovery times. These attacks can have far-reaching consequences, affecting patient care and operational continuity.”

Shier emphasized the need for healthcare organizations to adopt a proactive, human-led approach to cybersecurity. “To counter these persistent threats, healthcare providers must combine advanced technology with continuous monitoring and threat detection to stay ahead of attackers,” he added.

Additional findings from the report include:

  • Ransom Recovery Costs Surge: The mean cost of recovery in a healthcare ransomware attack was $2.57 million in 2024, up from $2.2 million in 2023 and double the 2021 cost
  • Ransom Demands vs Payments: 57% of healthcare institutions that paid the ransom ended up paying more than the original demand
  • Root Cause of Attack: Compromised credentials and exploited vulnerabilities were tied for the number one root cause of attack, each accounting for 34% of attacks
  • Backups Targeted: 95% of healthcare organizations hit by ransomware in the past year said that cybercriminals attempted to compromise their backups during the attack
  • Increased Pressure: Organizations whose backups were compromised were more than twice as likely to pay the ransom to recover encrypted data (63% vs. 27%)
  • Who Pays the Ransom: Insurance providers are heavily involved in ransom payments, contributing in 77% of cases. 19% of total ransom payment funding comes from insurance providers

The latest Sophos report on real-world ransomware experiences explores the full victim journey, from attack rate and root cause to operational impact and business outcomes, of 402 healthcare organizations. The results for this sector survey report are part of a broader, vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024 across 14 countries and 15 industry sectors.

Learn More About Ransomware

Read the full State of Ransomware in Healthcare 2024 report on Sophos.com for additional global findings and data by sector.
