Over 2700 Total Lots Up For Auction at Four Locations - NC 08/10, NJ 08/11, CA 08/12, TX 08/16

Providers see 94% hike in ransomware in 2021

by John R. Fischer, Senior Reporter | June 16, 2022
Cyber Security Health IT
Providers saw ransomware attacks increase by 94% in 2021.
Ransomware attacks rose 94% among healthcare organizations from 2020 to 2021, according to cybersecurity firm Sophos’ survey, “The State of Ransomware in Healthcare 2022.”

The report says that 66% of providers were hit in 2021 and 34%, the previous year. The healthcare sector experienced the highest percentage of attacks. And providers had the second highest average recovery costs at $1.85 million, and recovery took an average of one week.

Many who paid ransoms did so to get back sensitive data with lifesaving value, but only 2% got all of theirs back. Additionally, 61% of attacks encrypted data, which was 4% less than the global average.

“Organizations that are able to move faster in implementing defensive improvements are likely going to find themselves less at risk, but I believe that this will have a wider effect as attackers will concentrate on easier, slower moving targets,” Chris Clements, vice president of solutions architecture at Cerberus Sentinel, told HCB News.

Two-factor authentication and zero trust defense tactics are not always enough to stop attacks. And while more (78%) are opting for cyber insurance, 93% who have it said it was more difficult to get in the last year. This is because ransomware is the single largest driver of insurance claims, and organizations with low budgets and fewer technical resources cannot afford the level of security to qualify. Fifty-one percent were unable to obtain coverage.

But many are becoming more savvy at dealing with the impact, as 99% got at least some of their data back after it was encrypted. And while providers pay the most often (61%), they have the lowest average ransoms at $197,000, compared to a global average of $812,000.

The authors recommend installing high-quality defenses and reviewing security controls regularly. They also say to search for security gaps like unpatched devices; backup data; hunt for threats to identify and stop potential attackers; and update plans continually.

Clements says that everyone in an organization can and should help. “Building this cultural strategy, starting with understanding how most cyberattacks happen and an honest assessment of your organization's capabilities is crucial to ensuring that limited cybersecurity dollars and personnel hours are as effective as possible.”

The survey polled 5,600 IT professionals, including 381 healthcare respondents, in midsized organizations across 31 countries.

You Must Be Logged In To Post A Comment