
Ransomware attacks have surged in recent years; this has led to significant financial losses, data breaches and operational disruptions across various sectors. As of 2023, over 72% of organizations worldwide were affected by ransomware attacks, according to Statista.
That raises a question as to how malicious actors are able to successfully carry out these attacks on the majority of organizations. And one industry that is struggling to handle ransomware attacks is healthcare.
Not the government. Not business.
Healthcare.
In fact, Sophos revealed in its “The State of Ransomware in Healthcare 2023” report that cybercriminals successfully encrypted data in nearly 75% of ransomware attacks. This is the highest rate of encryption in the past three years and a significant increase from the 61% of healthcare organizations that reported having their data encrypted last year.
Here’s how data encryption works, for those not familiar with it. In a typical ransomware attack, the malware encrypts the victim's data and demands a ransom in exchange for the decryption key. If the victim organization refuses to pay the ransom and has no backup copies of the data, the encrypted data could become inaccessible. This can be viewed as a form of data breach since the data is effectively locked away from the organization.
Here’s the troubling part. Less than one-fourth of healthcare organizations were able to disrupt a ransomware attack before the attackers encrypted their data — down from 34% in 2022, according to the report. This is the lowest rate of disruption reported by the sector over the past three years.
“The percentage of organizations that successfully stop an attack before encryption is a strong indicator of security maturity,” said Chester Wisniewski, Director, Field Chief Technology Officer, Sophos. “For the healthcare sector, this number is declining, which suggests the sector is actively losing ground against cyberattackers and is increasingly unable to detect and stop an attack in progress.”
Wisniewski and the team at Sophos recommend that organizations enhance their cybersecurity defenses with a multifaceted approach. They should employ robust security tools capable of defending against common attack vectors, such as anti-ransomware and anti-exploit capabilities, to effectively mitigate threats.
Zero Trust Network Access, for example, prevents the misuse of compromised credentials, thus ensuring rigorous authentication processes and resource access limitations. There are also adaptive technologies that can automatically respond to attacks, disrupting adversaries and providing defenders with crucial response time. In addition, 24/7 threat detection, investigation and response capabilities ensure cyberattacks are identified and addressed promptly, minimizing potential damage and data loss.
Sophos also recommends optimizing attack preparation and maintaining security hygiene. This includes regularly backing up data and keeping systems and software up to date. Maintaining an up-to-date incident response plan is essential, as it provides a structured approach for organizations to follow in the event of a security breach. Also, staying proactive in maintaining security hygiene reduces the likelihood of successful cyberattacks, as it closes potential entry points for attackers and keeps an organization's security posture strong.
“All organizations, especially those in healthcare, need to modernize their defensive approach to cybercrime, moving from being solely preventative to actively monitoring and investigating alerts 24/7 and securing outside help in the form of services like managed detection and response,” said Wisniewski.
Edited by
Alex Passett