Products and Services PRODUCTS & SERVICES

The State of Ransomware in Healthcare 2022

Get the latest insights into ransomware attacks, ransom payments, and the fast-changing cyber insurance healthcare market over the last year.


Sophos has just launched the State of Ransomware in Healthcare 2022, an insightful report carved out of its annual study of the real-world ransomware experiences of healthcare IT professionals. This year, 5,600 IT professionals, including 381 in healthcare, from 31 countries participated in the research.

The study reveals a growing ransomware attack rate on healthcare, resulting in an increasingly tough, broader threat environment for this sector. The study also focuses on the rapidly evolving relationship between ransomware and cyber insurance in healthcare, highlighting how often and how much ransom was paid out by insurance providers against claims by healthcare.

Here are some key findings from the report:

  • Ransomware attacks on healthcare almost doubled – 66% of healthcare organizations surveyed were hit by ransomware in 2021, up from 34% in 2020
  • A more challenging healthcare threat environment– this sector saw the highest increase in volume (69%) and perceived complexity (67%) of cyber attacks and the second-highest increase in the impact (59%) of such attacks
  • Healthcare is most likely to pay the ransom, ranking first with 61% of organizations paying the ransom to get encrypted data back, compared with the global average of 46%; this is almost double than 34% who paid the ransom in 2020
  • But, healthcare pays the least ransom amount – US$197K was the ransom amount paid by healthcare in 2021 compared with the global average of US$812K
  • Less data is recovered after paying the ransom – healthcare organizations that paid the ransom got back only 65% of their data in 2021, down from 69% in 2020; furthermore, only 2% of those that paid the ransom in 2021 got ALL their data back, down from 8% in 2020
  • High cost to recover from ransomware incidents – healthcare ranked second highest at US$1.85M in terms of the average cost to rectify ransomware attacks compared with the global average of US$1.40M
  • Long recovery time from ransomware attacks – 44% of healthcare organizations that suffered an attack in the last year took up to a week to recover from the most significant attack, whereas 25% of them took up to one month
  • Low cyber insurance coverage in healthcare – only 78% of healthcare organizations have cyber insurance coverage compared with the global average of 83%
  • Cyber insurance driving better cyber defenses – 97% of healthcare organizations with cyber insurance have upgraded their cyber defenses to improve their cyber insurance position
  • Cyber insurance almost always pays out – in 97% of incidents where the healthcare organization had cyber insurance that covered ransomware, the insurer paid some or all the costs incurred (with 47% overall covering the ransom payment)

The growing rate of ransomware attacks in healthcare reflects the success of the ransomware-as-a-service model, which significantly extends the reach of ransomware by reducing the skill level required to deploy an attack. Most healthcare organizations are choosing to reduce the financial risk associated with such attacks by taking cyber insurance.

However, it is getting harder for healthcare to get coverage, likely because of the high rate of ransomware incidents in this sector. The subsequent insurance coverage gap is leaving many healthcare organizations exposed to the full cost of an attack, increasing the overall ransomware remediation costs. As the coverage becomes more challenging to get, healthcare is bolstering its cyber defenses to improve its cyber insurance position.

Read more about the State of Ransomware in Healthcare 2022.

Leave a Reply

Your email address will not be published.