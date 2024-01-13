A recent report cybersecurity firm Sophos reveals that the healthcare industry witnessed a surge in ransomware attacks in 2023, with cybercriminals successfully encrypting data in 75% of cases. This represents a significant increase from the previous year’s rate of 61%. Encryption involves denying access to an organization’s data until a ransom is paid.

The study, which surveyed 3,000 cybersecurity leaders in the healthcare sector, also found that only 24% of organizations were able to prevent a ransomware attack before encryption occurred. This marks a decline from the previous year’s rate of 34% and reflects the lowest figure in the past three years.

Chester Wisniewski, the Director and Field Chief Technology Officer (CTO) at Sophos, noted that the declining number of successful attacks halted before encryption is a cause for concern. He stated, “What’s more, this number is declining, which suggests the sector is actively losing ground against cyberattackers and is increasingly unable to detect and stop an attack in progress.”

Wisniewski attributed part of the problem to the rising sophistication of ransomware attacks, emphasizing that the threat has become too complex for most organizations to handle independently. He called for the healthcare sector, in particular, to modernize its approach to cybersecurity incorporating services such as managed detection and response (MDR) to proactively monitor and investigate alerts.

In a related development, a separate report Sophos from December 2023 highlighted the growing use of remote encryption in ransomware attacks. Cybercriminals are deliberately employing remote encryption to penetrate deeper into company networks, causing significant disruptions. The report observed a 62% year-over-year increase in deliberate remote encryption attacks since 2022.

As the healthcare industry faces escalating threats from ransomware attacks and rising encryption rates, it is imperative for organizations to prioritize cybersecurity measures and seek outside assistance to combat these increasingly sophisticated threats.