Once ransomware hackers get inside a healthcare sector organization’s systems, 3 in 4 attackers will also maliciously encrypt data, says security firm Sophos.

See Also: Live Webinar | Generative AI: Myths, Realities and Practical Use Cases

Attackers successfully encrypted data in 75% of ransomware attacks on healthcare sector entities, Sophos said in an annual report on healthcare cybersecurity trends published Wednesday.

“This likely reflects the ever-increasing skill level of adversaries who continue to innovate and refine their approaches,” Sophos said.

On the flip side, that means only about 24% of healthcare organizations successfully disrupted a ransomware attack before the attackers encrypted their data – down from 34% in 2022, the research found.

The report is based on a vendor-agnostic survey of 3,000 information technology and cybersecurity organizations across 233 healthcare organizations located around the globe, conducted between January and March.

The healthcare industry has a reputation for being a soft target due to often low levels of cybersecurity spending by hospitals – particularly those serving rural or underserved communities. Many medical organizations apparently prefer to pay a ransom rather than lose access to patient data.

When clinical settings fall victim to ransomware attacks, which disrupt care, it is bad for patients’ health, experts warn. A September 2021 alert by the Cybersecurity and Infrastructure Security Agency links cyberattacks to increased patient mortality.

While attacks against the healthcare sector remain robust, researchers did find that the number of healthcare organizations that were hit by ransomware and paid a ransom declined from 61% last year to 42% this year. This is lower than the cross-sector average of 46%, Sophos said. Healthcare organizations’ propensity to pay an extortion demand may correlate to whether they have a stand-alone cyber insurance policy. Of the healthcare entities that had a stand-alone policy, 53% paid the ransom. Of those who only had a wider insurance policy that includes cyber risk, 34% paid the extortion, according to the survey.

More potential good news is that the rate of successful ransomware attacks affecting healthcare entities appears to have slightly diminished compared in 2022, when 66% of respondents said they suffered a ransomware attack. This year the number is 60%.

Fewer attacks doesn’t correlate to a lower average payout. A dozen organizations told Sophos exactly how much they paid. The median amount was $2.5 million – considerably more than the $30,000 median Sophos data showed in 2022.

Contributing to the challenges faced by the healthcare sector is that ransomware attacks continue to grow in sophistication, and cybercriminals are speeding up their attack timelines to try and more rapidly penetrate corporate networks and unleash crypto-locking malware before defenders can detect those efforts and respond, Sophos said.

Sophos also found that 90% of ransomware attacks took place after regular business hours, which is a repeat tactic attackers use to try and maximize their chance of success.

How are ransomware-wielding hackers breaking into healthcare networks? Compromised credentials were the top culprits in ransomware attacks against healthcare organizations, followed by vulnerability exploits, Sophos said.