www.sophos.com
Open in
urlscan Pro
23.59.154.113
Public Scan
URL:
https://www.sophos.com/en-us/press/press-releases/2023/11/cybercriminals-successfully-encrypted-data-ransomware-attacks...
Submission: On March 07 via api from US — Scanned from DE
Submission: On March 07 via api from US — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
Skip to main content
PRIMARY MENU
* Services & Products
* Solutions
* Partners
* About
* Support
Cybersecurity as a Service
MANAGED SERVICES
24/7 Threat Detection and Response
Sophos Managed Detection and Response
Experiencing a Cyberattack?
Sophos Incident Response Services
Get Started
Managed Services
* Sophos Managed Detection and Response
* Sophos Incident Response Services
Sophos Central Platform
PRODUCTS
* Endpoint
* Sophos Endpoint (EDR)
* Sophos Workload Protection
* Sophos Mobile
* Network
* Sophos Firewall
* Sophos Wireless
* Sophos Switch
* Sophos Zero Trust Network
* Email & Cloud
* Sophos Email
* Sophos Phish Threat
* Cloud Native Security
* Cloud Workload Protection
* Security Operations
* Sophos MDR
* Sophos XDR
* Sophos Factory
* For Small Business
* Sophos Small Business
* For Home
* Sophos Home
Sophos Global Partner Program
Profitable. Powerful. Adaptive.
Become a Partner Partner Portal Sign In
* Partner Program
* Overview
* Managed Service Provider (MSP)
* Cloud Security Provider (CSP)
* Partner Care Support
* Technology
* Marketplace
* OEM
* Partner Tools
* Partner Portal
* Sophos Central Partner
* Find a Partner
* Partner Blog
* Partner Training
Sophos Support
Support Portal
* Get Help
* Support Plans
* Downloads & Updates
* Documentation
* Sophos Training
* Contact Support
* Support Portal
* Partner Care Support
* Resources
* Join the Community
* Twitter Support
* Knowledge Base
* Techvids
* Sophos Central Status
* Submit a Threat
* Product Support
* Sophos Firewall
* Sophos Endpoint
* Sophos Server
* Sophos Central
* Sophos Email
* More Products
Superior cybersecurity outcomes for real-world organizations.
Read the Reviews
* Company
* About Us
* Press
* Sophos Events
* Careers
* Contact
* News
* Sophos Blog
* Sophos AI
* Sophos X-Ops
* Sign In
* Sophos Home
* Sophos Central
* Partner Portal
* Licenses & Account
* Why Sophos
* Sophos vs the Competition
* Read the Reviews
Secure your small business.
Enterprise-grade cybersecurity that's cost-effective for small businesses.
Get Started
* Industries
* Education
* Finance and Banking
* US Federal
* Healthcare
* Manufacturing
* Retail
* More
* Compliance
* NIS2 Directive
* HIPAA
* PCI DSS
* GDPR
* NIST SP800-171
* ISO/IEC 27001:2022
* More
* Use Cases
* Cloud Security
* SASE
* Ransomware Protection
* Supply Chain Security
* Securing Remote Workers
* Cyber Insurance Optimization
* More
Toggle Language menu
* Services & Products
Cybersecurity as a Service
MANAGED SERVICES
24/7 Threat Detection and Response
Sophos Managed Detection and Response
Experiencing a Cyberattack?
Sophos Incident Response Services
Get Started
Managed Services
* Sophos Managed Detection and Response
* Sophos Incident Response Services
* Products
* Endpoint
* Sophos Endpoint (EDR)
* Sophos Workload Protection
* Sophos Mobile
* Network
* Sophos Firewall
* Sophos Wireless
* Sophos Switch
* Sophos Zero Trust Network
* Email & Cloud
* Sophos Email
* Sophos Phish Threat
* Cloud Native Security
* Cloud Workload Protection
* Security Operations
* Sophos MDR
* Sophos XDR
* Sophos Factory
* For Small Business
* Sophos Small Business
* For Home
* Sophos Home
* Solutions
* Industries
* Education
* Finance and Banking
* US Federal
* Healthcare
* Manufacturing
* Retail
* More
* Compliance
* NIS2 Directive
* HIPAA
* PCI DSS
* GDPR
* NIST SP800-171
* ISO/IEC 27001:2022
* More
* Use Cases
* Cloud Security
* SASE
* Ransomware Protection
* Supply Chain Security
* Securing Remote Workers
* Cyber Insurance Optimization
* More
* Partners
* Partner Program
* Overview
* Managed Service Provider (MSP)
* Cloud Security Provider (CSP)
* Partner Care Support
* Technology
* Marketplace
* OEM
* Partner Tools
* Partner Portal
* Sophos Central Partner
* Find a Partner
* Partner Blog
* Partner Training
* About
* Company
* About Us
* Press
* Sophos Events
* Careers
* Contact
* News
* Sophos Blog
* Sophos AI
* Sophos X-Ops
* Sign In
* Sophos Home
* Sophos Central
* Partner Portal
* Licenses & Account
* Why Sophos
* Sophos vs the Competition
* Read the Reviews
* Support
* Get Help
* Support Plans
* Downloads & Updates
* Documentation
* Sophos Training
* Contact Support
* Support Portal
* Partner Care Support
* Resources
* Join the Community
* Twitter Support
* Knowledge Base
* Techvids
* Sophos Central Status
* Submit a Threat
* Product Support
* Sophos Firewall
* Sophos Endpoint
* Sophos Server
* Sophos Central
* Sophos Email
* More Products
* All Products
* Cybersecurity for Home
* Free Tools
Toggle Search Toggle Language menu Toggle Mobile menu
Toggle Section menu
COMPANY
* Overview
* Press
* Threat News
* Events
* Careers
* Contact
* News
Switch Language
* English
* List additional actions
* 简体中文
* Français
* Deutsch
* Italiano
* 日本語
* Português, Brasil
* Español
BREADCRUMB
1. Home
2. Company
3. Press
4. Cybercriminals Successfully Encrypted Data In Ransomware Attacks On Nearly
75% of Healthcare Organizations That Sophos Surveyed
CYBERCRIMINALS SUCCESSFULLY ENCRYPTED DATA IN RANSOMWARE ATTACKS ON NEARLY 75%
OF HEALTHCARE ORGANIZATIONS THAT SOPHOS SURVEYED
Only 24% of Heathcare Organizations Were Able to Disrupt a Ransomware Attack
Before Attackers Encrypted Their Data
This is the Lowest Rate of Disruption in 3 Years
OXFORD, U.K. — November 1, 2023 —
Sophos, a global leader in innovating and delivering cybersecurity as a service,
today shared its sector survey report, “The State of Ransomware in Healthcare
2023,” which revealed that, among those organizations surveyed, cybercriminals
successfully encrypted data in nearly 75% of ransomware attacks. This is the
highest rate of encryption in the past three years and a significant increase
from the 61% of healthcare organizations that reported having their data
encrypted last year.
In addition, only 24% of healthcare organizations were able to disrupt a
ransomware attack before the attackers encrypted their data—down from 34% in
2022; this is the lowest rate of disruption reported by the sector over the past
three years.
“To me, the percentage of organizations that successfully stop an attack before
encryption is a strong indicator of security maturity. For the healthcare
sector, however, this number is quite low—only 24%. What’s more, this number is
declining, which suggests the sector is actively losing ground against
cyberattackers and is increasingly unable to detect and stop an attack in
progress.
“Part of the problem is that ransomware attacks continue to grow in
sophistication, and the attackers are speeding up their attack timelines. In the
latest Active Adversary Report for Tech Leaders, we found that the median time
from the start of a ransomware attack to detection was only five days. We also
found that 90% of ransomware attacks took place after regular business hours.
The ransomware threat has simply become too complex for most companies to go at
it alone. All organizations, especially those in healthcare, need to modernize
their defensive approach to cybercrime, moving from being solely preventative to
actively monitoring and investigating alerts 24/7 and securing outside help in
the form of services like managed detection and response (MDR),” said Chester
Wisniewski, director, field CTO, Sophos.
Additional key findings from the report include:
* In 37% of ransomware attacks where data was successfully encrypted, data was
also stolen, suggesting a rise in the “double dip” method
* Healthcare organizations are now taking longer to recover, with 47%
recovering in a week, compared to 54% last year
* The overall number of ransomware attacks against healthcare organizations
surveyed declined from 66% in 2022 to 60% this year
* Compromised credentials were the number one root cause of ransomware attacks
against healthcare organizations, followed by exploits
* The number of healthcare organizations surveyed that paid ransom payments
declined from 61% last year to 42% this year. This is lower than the
cross-sector average of 46%
“In 2016, the Red Cross Hospital of Córdoba in Spain suffered a ransomware
attack that reached servers and encrypted hundreds of files, medical records and
other important patient information. It was a major disruption to our operations
and interfered with our ability to care for our patients. The stakes are high in
ransomware attacks against healthcare organizations—and attackers know
that—meaning we’ll always be a target. After this ransomware attack, we worked
hard with Tekpyme to bolster our defenses, and now we have reduced our incident
response time by 80%. I think the industry as a whole is making improvements,
but there is still work to do, because of the constantly changing nature of
cybercrime. Hopefully healthcare organizations can leverage the help that is
available from security vendors such as Sophos to prevent a very real ‘threat to
life’ if systems go offline due to a ransomware attack,” said José Antonio
Alcaraz Pérez, head of information systems and communications at Cruz Red
Andalusia in Spain.
“Cyberspace today is ripe with technically sophisticated actors looking for
vulnerabilities to exploit. What all this translates to is a multidimensional
cyberthreat of actors who have the tools to paralyze entire hospitals.
Partnering with the private sector is critical to our mission. The information
[they] share has real-world impacts and can save real businesses and real
lives,” said Christopher Wray, FBI Director.
Sophos recommends the following best practices to help defend against ransomware
and other cyberattacks:
* Strengthen defensive shields with:
* Security tools that defend against the most common attack vectors, including
endpoint protection with strong anti-ransomware and anti-exploit
capabilities
* Zero Trust Network Access (ZTNA) to thwart the abuse of compromised
credentials
* Adaptive technologies that respond automatically to attacks, disrupting
adversaries and buying defenders time to respond
* 24/7 threat detection, investigation and response, whether delivered in-house
or by a specialized Managed Detection and Response (MDR) provider
* Optimize attack preparation, including regularly backing up, practicing
recovering data from backups and maintaining an up-to-date incident response
plan
* Maintain security hygiene, including timely patching and regularly reviewing
security tool configurations
To learn more about the State of Ransomware in Healthcare 2023, download the
full report from Sophos.com.
The State of Ransomware 2023 survey polled 3,000 IT/cybersecurity leaders in
organizations with between 100 and 5,000 employees, including 233 from the
healthcare sector, across 14 countries in the Americas, EMEA and Asia Pacific.
ABOUT SOPHOS
Sophos is a worldwide leader and innovator of advanced cybersecurity solutions,
including Managed Detection and Response (MDR) and incident response services
and a broad portfolio of endpoint, network, email, and cloud security
technologies that help organizations defeat cyberattacks. As one of the largest
pure-play cybersecurity providers, Sophos defends more than 500,000
organizations and more than 100 million users globally from active adversaries,
ransomware, phishing, malware, and more. Sophos’ services and products connect
through its cloud-based Sophos Central management console and are powered
by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos
X-Ops intelligence optimizes the entire Sophos Adaptive Cybersecurity Ecosystem,
which includes a centralized data lake that leverages a rich set of open APIs
available to customers, partners, developers, and other cybersecurity and
information technology vendors. Sophos provides cybersecurity-as-a-service to
organizations needing fully-managed, turnkey security solutions. Customers can
also manage their cybersecurity directly with Sophos’ security operations
platform or use a hybrid approach by supplementing their in-house teams with
Sophos’ services, including threat hunting and remediation. Sophos sells through
reseller partners and managed service providers (MSPs) worldwide. Sophos is
headquartered in Oxford, U.K. More information is available at www.sophos.com.
Press ReleasesOverview
NEWS
* Overview
* Press Releases
* Sophos X-Ops Threat Research
* Awards and Reviews
* Press Contacts
FOOTER - DEFAULT
* Column 1
* Managed Services
* MDR
* Incident Response
* NDR
* ENDPOINT
* Endpoint (XDR)
* Server
* Mobile
* Encryption
* Column 2
* NETWORK
* Firewall
* Wireless
* Switch
* ZTNA
* EMAIL & CLOUD
* Email Protection
* Anti-Phishing
* Cloud Native Security
* Workload Protection
* Column 3
* TRY FOR FREE
* Free Trials
* Product Demos
* Free Tools
* Solutions
* Small and Medium Business
* TRUST
* Trust Center
* Column 4
* SUPPORT
* Support Packages
* Contact Support
* Training
* Downloads and Updates
* Documentation
* LEARN
* Cybersecurity Explained
* Ransomware Documentary
* Column 5
* Partners
* MSP
* Partner Training
* Partner News
* Become a Partner
* OEM
* Cloud Security
* Partner Care
* Find a Reseller
* Why Sophos
* Sophos vs the Competition
* Read the Reviews
* Column 6
* About Us
* Company
* Careers
* Contact
* Overview
* Find a Partner
* Tech Support
Switch Language
* English
* List additional actions
* 简体中文
* Français
* Deutsch
* Italiano
* 日本語
* Português, Brasil
* Español
* Terms
* Privacy
* Cookies Settings
* Privacy Notice
* Cookies
* Legal
* General
* Modern Slavery Statement
* Speak Out
© 1997-2024 Sophos Ltd. All Rights Reserved.
By clicking “Accept All Cookies”, you agree to the storing of cookies on your
device to enhance site navigation, analyze site usage, and assist in our
marketing efforts. Cookie Policy
Cookies Settings Reject All Cookies Accept All Cookies
PRIVACY PREFERENCE CENTER
* YOUR PRIVACY
* STRICTLY NECESSARY COOKIES
* PERFORMANCE COOKIES
* FUNCTIONAL COOKIES
* TARGETING COOKIES
YOUR PRIVACY
When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
More information
STRICTLY NECESSARY COOKIES
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to
block or alert you about these cookies, but some parts of the site will not then
work. These cookies do not store any personally identifiable information.
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then
some or all of these services may not function properly.
TARGETING COOKIES
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
Back Button
COOKIE LIST
Filter Button
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Clear
checkbox label label
Apply Cancel
Confirm My Choices
Reject All Allow All