Nearly 80% of Organizations Hit by Ransomware Took More than a Week to Recover
A new report by Sophos, a global leader in cybersecurity, reveals that 67%, or two-thirds, of healthcare organizations experienced ransomware attacks in 2024, marking a four-year high. This is a notable increase from the 60% affected in 2023 and stands in stark contrast to other sectors, where ransomware incidents are declining; the overall rate of ransomware attacks fell from 66% in 2023 to 59% in 2024.
According to the report, “The State of Ransomware in Healthcare 2024,” the healthcare sector remains a prime target for cybercriminals due to the sensitive nature of patient data and the critical need for continuous access to information.
Ransomware Recovery Times Worsen
The report highlights a worrying trend: attacks are increasing, and recovery times are also extending. Only 22% of healthcare institutions recovered from ransomware within a week in 2024, a steep drop from 47% in 2023. Alarmingly, 37% of organizations took more than a month to recover, underscoring the increasing complexity and severity of attacks.
“While we’ve seen the rate of ransomware attacks reach a kind of ‘homeostasis’ or even decline across industries, attacks against healthcare organizations continue to intensify, both in number and scope. The highly sensitive nature of healthcare information and need for accessibility will always place a bullseye on the healthcare industry from cybercriminals. Unfortunately, cybercriminals have learned that few healthcare organizations are prepared to respond to these attacks. This is demonstrated by increasingly longer recovery times. These attacks can have immense ripple effects, as we’ve seen this year with major ransomware attacks impacting the healthcare industry and impacting patient care,” said John Shier, field CTO, Sophos.
“To combat these determined adversaries, healthcare organizations must adopt a more proactive, human-led approach to threat detection and response, combining advanced technology with continuous monitoring to stay ahead of attackers.”
Ransom Recovery Costs Skyrocket
The cost of recovery from ransomware attacks has surged, with the average recovery cost hitting $2.57 million in 2024, up from $2.2 million in 2023. This is more than double the recovery cost reported in 2021, further illustrating the growing financial burden on healthcare organizations.
Ransom Demands and Payments: A Growing Concern
Of the healthcare institutions that paid the ransom, 57% ended up paying more than the original demand. Insurance providers partially funded 77% of ransom payments. Insurance companies contributed 19% of the total payment.
Key Findings from the Report
Compromised Credentials and Vulnerabilities: The top two root causes of ransomware attacks were compromised credentials and exploited vulnerabilities, each accounting for 34% of incidents.
Targeted Backups: In 95% of ransomware cases, cybercriminals attempted to compromise backups. Organizations whose backups were compromised were more than twice as likely to pay the ransom [63% vs. 27%].
Insurance Providers’ Role: Insurance companies played a significant role in ransom payments, contributing in 77% of cases.
About the Survey
The latest Sophos report on real-world ransomware experiences explores the full victim journey, from attack rate and root cause to operational impact and business outcomes, of 402 healthcare organizations. The results for this sector survey report are part of a broader, vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024 across 14 countries and 15 industry sectors.
For more details, download the full report at Sophos’ website.