Blog | Medicus IT

The Tip of the Cyber Iceberg: Ransomware Attacks in 2020-2022

Written by Medicus IT | May 20, 2022 8:38:00 PM

In 2020, a third of healthcare organizations worldwide experienced a ransomware attack and 65% reported the cybercriminals succeeded in encrypting their data. Most claimed that this was the most significant attack they have ever faced, according to a Sophos report.

The report’s research also revealed the healthcare sector is less equipped to stop ransomware attacks compared to other sectors. Around 63% of healthcare respondents who had not been impacted by ransomware in 2020 expect to fall victim in the future. 

Medicus IT is always attuned to our client's overall security posture - trying to stay ahead of cybercriminals and the next potential compromise. We understand that prevention is equal parts foresight and preparation, and in healthcare, there are many details and complexities to consider. 

Preventative care for IT begins with a strategic focus on the systems and solutions designed to keep your practice out of trouble, including ransomware attacks. From that analysis, we can employ the technology, people, and processes to keep your sensitive information secure. 

Survey Findings for 2020 

Cybersecurity solutions provider, Sophos, conducted a research study that shares new insight into the current state of ransomware in the healthcare sector. The early 2021 report includes survey information polling 5,400 IT decision-makers across 30 countries. 

Among the 5,400 respondents, 328 worked in healthcare. Below are the survey’s key findings:

  • 34% of healthcare organizations experienced a ransomware attack in 2020
  • 65% of these ransomware victims said that cybercriminals succeeded in encrypting their data
  • 44% of those whose data was encrypted restored their data through backups
  • 34% of those whose data was encrypted paid the ransom 
  • On average, only 69% of the encrypted data was restored after paying the ransom 
  • 89% of healthcare organizations employ a malware incident recovery plan

Trend Continued in 2021 

The Department of Health and Human Services (HHS) created the Health Sector Cybersecurity Coordination Center (HC3) to aid in the protection of vital, healthcare-related controlled information and ensure that cybersecurity information sharing is coordinated across the Health and Public Health Sector (HPH). 

HC3's Cyber Threat Intelligence (CTI) team tracks notable cyber incidents affecting both U.S. and global HPH entities, and attacks on non-HPH entities that may affect the HPH sector. The following are the key findings of their “Ransomware Trends 2021” report:

  • HC3 has tracked a total of 82 ransomware incidents impacting the healthcare sector worldwide, as of May 25, 2021
  • 48 of these ransomware cases (about 60%) impacted the U.S. health sector
  • Conti and Avaddon are the most frequently observed ransomware groups impacting healthcare
  • Health or medical clinics and healthcare industry services organizations remained the most frequently observed victims
  • California experienced the most ransomware incidents for healthcare industry victims (accounting for 12% of all U.S. ransomware incidents)
  • For at least 72% of the ransomware incidents, victim data was leaked


Reasons for Healthcare's Vulnerability 

The Sophos report also revealed the reasons why healthcare organizations expect to be hit by ransomware attacks in the future:

    • 57% of the respondents believe they are vulnerable since other organizations have already been targeted
  • 55% of respondents are concerned that ransomware attacks will only get more advanced and sophisticated, thus making them harder to stop
  • 29% of respondents see users compromising security as a cause for future ransomware attacks
  • 24% of respondents admit to having weaknesses in their cybersecurity

Is Paying Ransom a Good Idea? 

Based on the respondents’ experiences, it does not pay to pay. Even if you pay the full ransom amount, retrieving all data is slim. On average, healthcare organizations that paid the ransom only got back 69% of their data, leaving a considerable portion of the data inaccessible. 

More importantly, paying a ransom rewards criminal behavior and will only encourage hackers to continue these lucrative attacks.

Lower Your Risk for Attack 

These widespread ransomware attacks serve as a reminder that securing your organization against cyber threats should be a top priority. By equipping yourself with the right security measures, you will have the ability to effectively recover from attacks or regain control of your systems and prevent them from happening in the first place.

Here are ways to prevent your organization from falling victim to ransomware attacks:

  • Always keep your systems up to date with the latest security patches
  • Backup your systems regularly 
  • If employing any third-party vendors to host your applications, be sure they are also keeping abreast with the latest security patches and updates
  • Consider using cloud technologies that are more difficult to exploit and offer storage solutions that allow you to restore old data
  • Maintain your anti-virus software and firewalls to keep them up to date
  • Regularly perform risk assessments
  • Provide employees with security awareness and information security training
  • Consistently educate users about how to detect potential ransomware threats and provide the right steps on how to report them
  • Constantly remind your user community to be vigilant 

Schedule an Appointment Today

Our team at Medicus IT is your trusted partner in healthcare IT security. Are you ready to learn more about how we can help you raise the bar on your IT security processes?  Contact us today to ensure your data is safe.