Nearly 80% of Organizations Hit by Ransomware Took More than a Week to Recover

OXFORD, U.K. — Septiembre 26, 2024 —

Sophos, a global leader of innovative security solutions for defeating cyberattacks, today released a sector survey report, “The State of Ransomware in Healthcare 2024,” which revealed that the rate of ransomware attacks against healthcare organizations has reached a four-year high since 2021. Of those organizations surveyed, two-thirds (67%) were impacted by ransomware attacks in the past year, up from 60% in 2023. The rising rate of ransomware attacks against healthcare institutions contrasts with the declining rate of ransomware attacks across sectors; the overall rate of ransomware attacks fell from 66% in 2023 to 59% in 2024.

Alongside an increase in the rate of ransomware attacks, the healthcare sector reported increasingly longer recovery times. Only 22% of ransomware victims fully recovered in a week or less, a considerable drop from the 47% reported in 2023 and 54% in 2022. In addition, 37% took more than a month to recover, up from 28% in 2023, reflecting the increased severity and complexity of attacks.

“While we’ve seen the rate of ransomware attacks reach a kind of “homeostasis” or even declining across industries, attacks against healthcare organizations continue to intensify, both in number and scope. The highly sensitive nature of healthcare information and need for accessibility will always place a bullseye on the healthcare industry from cybercriminals. Unfortunately, cybercriminals have learned that few healthcare organizations are prepared to respond to these attacks, demonstrated by increasingly longer recovery times. These attacks can have immense ripple effects, as we’ve seen this year with major ransomware attacks impacting the healthcare industry and impacting patient care,” said John Shier, field CTO, Sophos.

“To combat these determined adversaries, healthcare organizations must adopt a more proactive, human-led approach to threat detection and response, combining advanced technology with continuous monitoring to stay ahead of attackers.”

Additional findings from the report include:

  • Ransom Recovery Costs Surge: The mean cost of recovery in a healthcare ransomware attack was $2.57 million in 2024, up from $2.2 million in 2023 and double the 2021 cost
  • Ransom Demands vs Payments: 57% of healthcare institutions that paid the ransom ended up paying more than the original demand
  • Root Cause of Attack: Compromised credentials and exploited vulnerabilities were tied for the number one root cause of attack, each accounting for 34% of attacks
  • Backups Targeted: 95% of healthcare organizations hit by ransomware in the past year said that cybercriminals attempted to compromise their backups during the attack
  • Increased Pressure: Organizations whose backups were compromised were more than twice as likely to pay the ransom to recover encrypted data (63% vs. 27%)
  • Who Pays the Ransom: Insurance providers are heavily involved in ransom payments, contributing in 77% of cases. 19% of total ransom payment funding comes from insurance providers

The latest Sophos report on real-world ransomware experiences explores the full victim journey, from attack rate and root cause to operational impact and business outcomes, of 402 healthcare organizations. The results for this sector survey report are part of a broader, vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024 across 14 countries and 15 industry sectors.

Read the full State of Ransomware in Healthcare 2024 report on Sophos.com for additional global findings and data by sector.

Acerca de Sophos

Sophos es una empresa innovadora y líder global de soluciones de seguridad avanzadas para combatir los ciberataques, entre las que se incluyen servicios de detección y respuesta gestionadas (MDR) y de respuesta a incidentes y un amplio catálogo de tecnologías para la protección de endpoints, redes, el correo electrónico y la nube. Como uno de los mayores proveedores especializados en ciberseguridad, Sophos protege a más de 600 000 organizaciones y a más de 100 millones de usuarios de todo el mundo frente a adversarios activos, ransomware, phishing, malware y mucho más. Los servicios y productos de Sophos se conectan a través de la consola de administración de Sophos Central y utilizan Sophos X-Ops, la unidad de información sobre amenazas multidominio de la empresa. La información de Sophos X-Ops optimiza todo el Sophos Adaptive Cybersecurity Ecosystem, que incluye un lago de datos centralizado que se sirve de un completo conjunto de API abiertas disponibles para clientes, partners, desarrolladores y otros proveedores de ciberseguridad y de tecnología de la información. Para las organizaciones que necesitan soluciones de seguridad totalmente gestionadas, Sophos ofrece la ciberseguridad como servicio. Aunque los clientes también pueden gestionar su ciberseguridad directamente mediante la plataforma de operaciones de seguridad de Sophos o utilizar un enfoque híbrido reforzando sus equipos internos con los servicios de Sophos, que incluyen la búsqueda y remediación de amenazas. Sophos vende a través de partners distribuidores y proveedores de servicios gestionados (MSP) en todo el mundo. Sophos tiene su sede en Oxford, Reino Unido. Encontrará más información en es.sophos.com.