Ransomware payments are highly discouraged by the federal government, yet more than a third of healthcare organizations affected by attacks might be discreetly paying the ransom, according to a report by cybersecurity firm Sophos.
The global report surveyed 328 IT decision-makers in the healthcare industry from January to February.
Five things to know:
- Thirty-four percent of respondents were hit by a ransomware attack in the last year. Of those hit, 65 percent said the hackers successfully encrypted their data. Less than half (44 percent) were able to restore their data with backup files.
- More than a third (34 percent) of ransomware victims that had data encrypted paid the ransom to get their data back, but only 69 percent of encrypted data was able to be recovered.
- The average cost to rectify a ransomware attack, including downtime, device costs, lost opportunity and ransom paid, was $1.27 million.
- The average healthcare ransom payment was $131,304.
- Forty-one percent of healthcare companies weren't hit by ransomware in the last year, but expect to be hit in the future. Less than a quarter (24 percent) said they were not hit by ransomware in the last year and do not expect to be hit in the future.