Hackers apparently lack honesty

Report shows that health care organizations pay ransoms, but rarely get all their data back

A report from Sophos shows that twice as many health care organizations paid ransoms to hackers in 2021 as in 2020, but only 2% of the victims received all of their data back.

Health care is a regular target of ransomware, with 66% of organizations surveyed saying they were hit with ransomware last year, up 34% from 2020. These attacks are unlikely to subside, since health care targets are the most likely to pay the ransom, ranking first with 61% paying to get their data back compared to the global average of 46%. Only 34% paid the ransom in 2020.

What do these organizations get back when they pay? The survey shows not as much as they hoped. Those who paid received only 65% of their data in 2021, down from 69% in 2020.

If there is any good news in the results, it’s that health care companies pay the smallest ransom amounts. Health care averaged $197,000 per ransom compared to a global average of $812,000.

But ransom money isn’t the only cost from an incident. Health care ranked second highest at $1.85 million in terms of the average cost to rectify ransomware attacks compared to the global average of $1.4 million. There is also the time factor – 44% of those hit with ransomware took a week to recover, while 25% took up to one month.

Despite the ongoing threats, health care organizations don’t always carry cyber insurance coverage, with 78% saying they have coverage, compared to a global average of 83%. Almost all (97%) of those with cyber insurance have upgraded their cyber defenses to improve their cyber insurance position. In 97% of incidents that were covered by cyber insurance, the insurer paid some or all of the costs incurred, with 47% overall covering the ransom payment.

“It is not surprising to see healthcare as the number one target of ransomware attacks,” said John Gunn, CEO, Token, in a statement. “This segment is the most regulated, has the greatest revenue and profits, and the most to lose if they don't pay the ransomware demand, all things that make them the most attractive target for hackers. What is surprising is that more companies are not upgrading their access control with better authentication, the front door is still where the majority of hackers enter, and it is the easiest to protect.”
