Healthcare's ransomware defences need more preventative action
Healthcare was the most targeted industry sector by ransomware last year, with 45% of healthcare respondents suffering a ransomware attack in the past 12 months, according to a new survey.
Arcserve, a provider of backup, recovery, and immutable storage solutions for unified data resilience against ransomware and disasters, has released findings from its annual independent global research focusing on the healthcare sector's approach and experience of data protection, recovery, and ransomware readiness.
The findings reveal gaps, vulnerabilities, and misconceptions in the healthcare sector, potentially hindering its ability to effectively safeguard and recover data in the event of malicious attacks and accidental data outages stemming from human error or natural events.
Key findings include:
Prevalence: across all industry sectors, healthcare was the most targeted by ransomware attacks. Some 45% of healthcare respondents experienced a ransomware attack in the past 12 months.
Impact: high ransom demands, no guarantee of recovery. The report found 83% of ransom demands were between US$100,000 - $1 million. It found 67% paid the ransom, while 45% did not recover all their data after ransomware attacks.
Against this threat backdrop, there were apparent preparedness weaknesses.
The report found 82% of healthcare IT departments lack an updated disaster recovery plan. Nearly 75% of respondents believe data backed up to a public cloud is safer than data backed up on-prem. More than 50% of respondents mistakenly believe the cloud provider is responsible for recovering their data.
"In the face of growing number and sophistication of ransomware attacks, the healthcare industry continues to grapple with inadequate data protection and recovery mechanisms," says Vitali Edrenkine, Chief Marketing Officer at Arcserve.
"An ounce of prevention may be worth a pound of cure but our latest market research shows that when it comes to ransomware resilience, too many healthcare institutions have neither," Edrenkine says.
"A robust backup and disaster recovery strategy is critical for healthcare organisations to build resistance to malicious attacks."
Arcserve advocates for a transformative 'unified data resilience' approach within the healthcare sector to bolster preparedness. By adopting a unified data resilience strategy, organisations strengthen their defensive posture and have the necessary tools to expedite data recovery in the aftermath of ransomware attacks.
The research was conducted by Dimensional Research, with 1,121 IT decision-makers completing the survey. All participants had a budget or technical decision-making responsibility for data management, data protection, and storage solutions at a company with 100 - 2,500 employees and at least 5 TB of data. The survey was fielded in Australia, New Zealand, Brazil, France, Germany, India, Japan, Korea, the United Kingdom, the United States, and Canada (North America).