Ransomware Attacks on Healthcare Almost Doubled Last Year

Plus, 61% reported paying ransoms to get their stolen data back, compared with the global average of 46%.

Last year, healthcare organizations were more likely to suffer a ransomware attack than not, according to a new report.

Ransomware attackers reached 66% of organizations in the healthcare industry in 2021, a survey found, up from just 34% a year earlier.

In addition, healthcare ransomware victims are the most likely to pay — although, interestingly, the average amount paid is far below that of other industries. Here’s what to know about the state of the industry, and how you can keep your own organization secure.

Two Thirds of Healthcare Organizations Are Attacked

Sophos’s new report, titled The State of Ransomware in Healthcare 2022, just dropped a few days ago, and it paints a picture of sharply increased security risks across the industry.

It’s not merely the big one-year jump from 34% to 66% of healthcare organizations being attacked.

Last year, healthcare threats rose in volume (69%), in perceived complexity (67%), and in the impact of each attack (59%). All those stats were the highest or nearly the highest in healthcare when compared to ransomware in other industries.

Plus, recovery in the wake of attacks can be tougher in the industry: Healthcare ranked the second highest when it came to the average cost of getting everything back on track after an attack, with $1.85 million per incident, compared to the average across all industries of just $1.40 million.

While 44% of healthcare organizations attacked in 2021 took as long as a week to recover from their worst attack, 25% took up to a month.

Healthcare Pays Out More Often

The ransomware business is lucrative for attackers who target healthcare: 61% of organizations reported paying ransoms to get their stolen data back, compared with the cross-industry average of 46%.

At the same time, healthcare businesses paid the lowest amounts per incident, averaging $197,000 compared with the global average of $812,000.

But less data was recovered as well, with paying organizations getting just 65% of their data back on average, and a scant 2% getting all their data back in 2021. In comparison, 8% recovered all the data in 2020… which is still pretty darn low.

Staying Safe

The biggest takeaway for anyone in the healthcare field should be the fact that they’re more likely than not to suffer a ransomware attack in 2022 and beyond.

And, given the potential for multi-million-dollar losses and near-certainty that they’ll never recover all their data, the solution is clear: Prevention.

We’d suggest a few online security measures: employee training on which suspicious emails to avoid can address the human element that often lurks behind a ransomware attack. Software solutions add some protection as well, from password managers to VPNs to antivirus software.


Written by:
Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' was a 2024 Locus Awards finalist. When not working on his next art collection, he's tracking the latest news on VPNs, POS systems, and the future of tech.