Report: Legacy Systems a Top Threat to Business Resilience

In 40 percent of attacks, threat actors threatened to physically harm executives at organizations that declined to pay a ransom demand, study states
Aug. 8, 2025

Key Highlights

  • Nearly 77 percent of healthcare organizations reported being targeted by ransomware in the past year, with over half experiencing successful attacks.
  • Organizations face significant financial and operational damages, with some paying over $1 million and many not receiving usable decryption keys even after payment.
  • Outdated legacy systems are identified as a top vulnerability, especially in sectors like healthcare, education, and manufacturing, making them more susceptible to attacks.
  • Threat actors often use physical intimidation, with 40 percent of attacks involving threats to harm executives if ransom demands are not met.

Semperis, a provider of AI-powered identity security, has published results of a global ransomware study of nearly 1,500 organizations in a variety of industries that aims to understand their experience with ransomware over the last 12 months. According to a press announcement, the study showed that hackers are relentless and ransomware is still a global epidemic. Global organizations across North America, the United Kingdom, Europe, and the Asia Pacific region participated in the survey on their experience with ransomware.

Seventy-seven percent of the responding healthcare organizations reported being targeted by ransomware in the last 12 months. Fifty-three percent of attacks on healthcare organizations worldwide were successful. Seventeen percent of these organizations managed to resume operations within a day, while 52 percent reported being up and running within a week after the attack, and 31 percent within a month.

The report indicated that even for those who paid ransom, their losses—ranging from $500,000 to $1,000,000 annually for 50 percent and over $1,000,000 for 8 percent of study participants who paid—were only the tip of the iceberg. On average, 15 percent of victims did not receive usable decryption keys even after paying ransom. An additional 3 percent found that attackers had published or illegally used their stolen data. Ransomware victims faced various collateral damages. For many industries, these disruptions were devastating. Attacks on healthcare organizations have led to patient deaths.

One of the key takeaways from the study was that outdated or legacy systems were identified as a top threat to business resilience by organizations in Canada and Germany, as well as in the Education, Energy, Government, Healthcare, and Manufacturing/Utilities sectors. Another key takeaway was that regulatory compliance was cited as a top cybersecurity challenge by organizations in the UK and France, as well as the Finance and Healthcare sectors.

In 40 percent of attacks, threat actors threatened to physically harm executives at organizations that declined to pay a ransom demand, Semperis reported. “US-based companies experienced physical threats 46 percent of the time, while 44 percent of German firms experienced similar forms of intimidation.”

About the Author

Pietje Kobus-McAllister

Pietje Kobus-McAllister has an international background and experience in content management and editing. She studied journalism in the Netherlands and Communications and Creative Nonfiction in the U.S. Pietje joined Healthcare Innovation in January 2024.
