Survey: Ransomware Attacks Increase, But Cloud Compromise More Concerning

Oct. 11, 2023
Fifty-four percent of respondents said their organization suffered a ransomware attack in the last year, but only 48 percent of respondents said this threat concerns them the most

A recent survey of 653 healthcare IT and security practitioners found that although ransomware remains an imminent threat to healthcare organizations, concerns about it are actually on the decline relative to other threats.

In the survey, conducted by cybersecurity and compliance company Proofpoint Inc. and the Ponemon Institute, 54 percent of respondents say their organization suffered a ransomware attack in the last year, up from 41 percent in 2022. However, ransomware fell to the bottom of their threat concerns, with only 48 percent of respondents saying this threat concerns them the most, compared to 60 percent last year.

The number of surveyed organizations making a ransom payment also dropped, from 51 percent in 2022 to 40 percent this year. However, the average total cost for the highest ransom payment spiked 29 percent to $995,450. Further, 68 percent said the ransomware attack resulted in a disruption to patient care, with most (59 percent) citing delays in procedures and tests that resulted in poor outcomes.

So what has supplanted ransomware as a top concern? Healthcare organizations feel most vulnerable to and most concerned about cloud compromise, according to the survey. Seventy-four percent of survey participants view their organization as most vulnerable to a cloud compromise, on par with last year’s 75 percent. However, a higher number are concerned about the threats posed by the cloud: 63 percent vs. 57 percent in 2022. Cloud compromise, in fact, rose to the top as the most concerning threat this year from fifth place last year.

Business email compromise/spoofing concerns also increased significantly. The number of respondents concerned about BEC/spoofing jumped to 62 percent from last year’s 46 percent. More than half (54 percent) of organizations experienced five of these types of incidents on average. The growing concern may reflect the finding that BEC/spoofing attacks are more likely than others to result in poor outcomes due to delayed procedures (71 percent), increased complications from procedures (56 percent), and lengthier stays (55 percent).

The report based on the survey notes that although the number of organizations concerned about BEC/spoofing phishing grew, only 45 percent take steps to prevent and respond to this type of attack. Similarly, despite the prevalence of disruptions to patient care from supply chain attacks, only 45 percent of organizations have documented steps to respond to them.

Among the organizations that suffered the four most common types of attacks—cloud compromise, ransomware, supply chain, and business email compromise (BEC)—an average of 66 percent reported disruption to patient care. Specifically, 57 percent reported poor patient outcomes due to delays in procedures and tests, 50 percent saw an increase in medical procedure complications, and 23 percent experienced increased patient mortality rates. These numbers mirror last year’s findings, indicating that healthcare organizations have made little progress in mitigating the risks of cyber attacks on patient safety and wellbeing.

“For the second consecutive year, we found that the four types of analyzed attacks show a direct negative impact on patient safety and wellbeing,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “Our findings also show that more IT and security professionals view their organization as vulnerable to each type of attack, compared to 2022. These attacks are also putting an even greater strain on resources than last year—costing on average 13 percent more overall and 58 percent more in the time required to ensure the impact on patient care was corrected.”