Healthcare ransomware attacks surge to a four-year high

Recover costs have increased to $2.57m in the current year.

Ransomware attacks on healthcare organisations have surged to a four-year high since 2021, with 67% of institutions impacted in the past year, up from 60% in 2023.

A Sophos report revealed that this rise contrasts with the overall decrease in attacks across other sectors, where the rate fell from 66% in 2023 to 59% this year.

Recovery costs have also increased to $2.57m in 2024. In cases where ransoms were paid, over half of organisations ended up paying more than the original demand.

Only 1 out of 5 of those affected by ransomware were able to fully recover within a week, a decrease from 47% in 2023. Meanwhile, 37% took more than a month, a rise from 28% the previous year.

“Cybercriminals have learned that few healthcare organisations are prepared to respond to these attacks, demonstrated by increasingly longer recovery times,” said John Shier, field CTO of Sophos.

“These attacks can have immense ripple effects, as we’ve seen this year with major ransomware attacks impacting the healthcare industry and impacting patient care,” Shier added.

The report’s findings are based on 402 healthcare organisations as part of a broader survey involving 5,000 cybersecurity and IT leaders across 14 countries and 15 sectors.