Healthcare industry grapples with escalating ransomware attacks

Healthcare organisations across the globe are increasingly at risk from cyberattacks, according to a recent report by data security researcher Rubrik Zero Labs.

The report, “The State of Data Security: Measuring Your Data’s Risk,” provides a comprehensive overview of the cybersecurity landscape, emphasising the risks posed by growing digital infrastructure and cloud adoption. It outlines challenges in safeguarding sensitive data and presents strategies to address the evolving nature of cyber threats.

The study, conducted by Wakefield Research, surveyed 1,625 IT and security decision-makers from companies with 500 or more employees. Respondents included CIOs, CISOs, and VPs/directors of IT and security from 10 countries. The survey supplemented Rubrik telemetry from over 6,000 clients, spanning 22 industries and 68 countries, covering 42 exabytes of secured storage and 38 billion sensitive records from January to December 2023.

Commenting on the findings, Rubrik Zero Labs head Steven Stone (pictured) said: “The more we talk about cyber threats like ransomware, and its impact on industries like healthcare, the more we can collaborate to minimise the risk calculus and ultimately beat cyber attackers trying to impede our businesses.”

Sensitive data in the healthcare industry

The report noted that healthcare organisations manage 22% more data than the global average. Their data estates expanded by 27% in the past year, and sensitive records grew by 63%, well above the global average of 13%.

A typical healthcare organisation holds 42 million sensitive records, which is 50% more than the global average.

Ransomware attacks’ impacts on healthcare organisations

According to the report, ransomware attacks affect nearly five times more sensitive data in healthcare organisations than the global average.

Each successful ransomware event impacts 20% of a healthcare organisation’s sensitive data, compared to 6% for other industries.

Cloud adoption in the healthcare industry and security blind spots

The report found that cloud storage increased to 13% of organisations’ data in 2023, up from 9% in the previous year. Meanwhile, on-premises storage declined from 77% to 70%.

With cloud integration, hybrid environments faced significant cyberattacks, impacting SaaS data (67%), cloud storage (66%), and on-premises storage (51%).

Cyberattacks’ impact on IT and security teams

Focusing on the impacts of cyberattacks on IT and security teams in healthcare organisations, the report revealed that 94% of IT and security leaders experienced a significant cyberattack, averaging 30 attacks annually, with a third including ransomware.

Among healthcare organisations that faced a ransomware attack, 93% reported paying a ransom, with 58% motivated by threats to leak stolen data.

Focusing on the impacts of cyberattacks, 96% of IT and security leaders reported emotional or psychological effects from such incidents, including 38% worrying about job security. Additionally, 44% of organisations reported leadership changes following cyberattacks, up from 36% in Rubrik Zero Labs’ previous report.