The 2022 State of Ransomware Report published by cybersecurity firm Sophos revealed that ransomware attacks on healthcare providers increased by 94% year over year. The report is based on a worldwide survey of 5,600 IT experts and interviews with 381 healthcare IT specialists from 31 countries. The 2022 report discusses the quickly changing relationship between ransomware and cyber insurance in the healthcare industry.
66% of surveyed healthcare companies stated they had encountered a ransomware attack in 2021, up from 34% in 2020. The volume of ransomware attacks was higher by 69%, which was the highest of all industries. Healthcare had the second-largest increase (59%) in the impact of ransomware attacks.
Based on the report, the number of healthcare providers that paid the ransom doubled year over year. In 2021, 61% of healthcare companies that encountered a ransomware attack paid the ransom. This percentage is the largest of any industry. The global average was 46%, which is nearly two times the percentage in 2020.
Paying the ransom may allow healthcare providers to recover from ransomware attacks faster; however, it does not guarantee that there will be no data loss. Typically, after paying the ransom, healthcare companies were able to retrieve only 65% of encrypted information, compared with 69% in 2020. In 2020, 8% of healthcare providers retrieved all of their files after paying the ransom; in 2021, just 2% did.
Although the healthcare segment had the greatest percentage of victims paying the ransom to obtain decryption keys and to avoid the leaking of sensitive files, healthcare had the smallest average ransom payment, at $197,000. The global average covering all industry segments was $812,000. The cost of the ransom was lower in healthcare; however, the total cost of recovery was the second-highest, at $1.85 million per ransomware attack, which is substantially greater than the worldwide average of $1.4 million.
Though there is a high risk of facing a costly ransomware attack, levels of cyber insurance protection in healthcare are reasonably low. Across all industries, 83% of firms had cyber insurance coverage. Only 78% of surveyed healthcare companies said they had a cyber insurance policy. Many cyber insurance providers state that certain baseline security steps ought to be implemented in order to take out an insurance policy, and the degree of maturity of cybersecurity services can have a huge effect on the cost of insurance coverage. 97% of healthcare companies said they had improved their cybersecurity defenses to strengthen their cyber insurance position.
97% of healthcare providers that had cyber insurance covering ransomware attacks stated that the policy paid out, with 47% stating that the full ransom payment was covered by their cyber insurance provider. Nonetheless, getting cyber insurance to cover ransomware attacks is becoming much more difficult because of the extent to which the healthcare sector is being targeted.