"Twice as Many Healthcare Organizations Now Pay Ransom"

According to new research conducted by Sophos, global healthcare organizations (HCOs) experienced a 94% year-on-year surge in ransomware attacks last year, with almost twice as many electing to pay their extorters.  The researchers found that two-thirds of HCOs were hit by ransomware last year, up from just a third in 2020.  Sophos claimed this surge was down to the popularity of ransomware-as-a-service on the cybercrime underground.  However, it could also result from the increased willingness of HCOs to pay their attackers.  The researchers noted that some 61% paid a ransom in 2021, up from just 34% a year previously.  Sophos claimed that the high cost of remediation, and the impact of operational outages, coupled with the increased sophistication of attacks on the sector, could explain this jump.  Just 2% of respondents paid a ransom and got all their data back.  The researchers stated that healthcare saw the highest increase in the volume of cyberattacks (69%) and the complexity of cyberattacks (67%) compared to the cross-sector average of 57% and 59%, respectively.  In terms of the impact of these cyberattacks, healthcare was the second most affected sector (59%) compared to the global average of 53%.  HCOs hit by ransomware recorded a major impact to their business: 94% said it impaired their ability to operate, and 90% that it caused loss of revenue.  On average, it took victim organizations one week to recover.  The researchers noted that the problem is exacerbated because many HCOs are finding it more challenging to obtain cyber insurance.  Only 78% are covered versus 83% across all sectors.  

Infosecurity reports: "Twice as Many Healthcare Organizations Now Pay Ransom"