Ransomware attacks impact 20% of sensitive data in healthcare organizations

Recent cyber incidents show that the healthcare industry continues to be a prime target for ransomware hackers, according to Rubrik.

New research from Rubrik Zero Labs shows that ransomware attacks are having a greater impact on these healthcare targets. In fact, the report estimates that one-fifth of all healthcare organizations’ sensitive data is affected in each ransomware attack.

“Although the impact of cyberattacks dominates the headlines, data risk remains a murky topic – particularly in terms of what security teams can and cannot actually change,” said Steven Stone, head of Rubrik Zero Labs.

“Our goal with this report is to provide quantifiable insights that IT and security leaders can bring to their organization to increase cyber resilience – especially with their partners in the business and governance teams. The more we talk about cyber threats like ransomware and their impact on industries like healthcare, the better we can work together to minimize risk calculations and ultimately defeat cyber attackers who seek to hinder our businesses,” Stone added .

Healthcare far exceeds the global average for sensitive data

Rubrik found that healthcare organizations secure 22% more data than the global average. A typical healthcare organization’s data grew by 27% last year.

A typical healthcare organization has more than 42 million sensitive records – 50% more sensitive data than the global average of 28 million. The number of sensitive records in monitored healthcare organizations increased by more than 63% in 2023 – far more than any other industry and more than five times the global average (13%).

Ransomware attacks on observed healthcare organizations are estimated to impact nearly five times more sensitive data than the global average. This represents an estimated 20% of a typical healthcare organization’s total sensitive data assets affected in each successful ransomware encryption event, compared to 6% for an average organization.

Virtualization really matters for healthcare and ransomware: 97% of all encrypted data in healthcare organizations tracked by Rubrik last year occurred within a virtualized architecture, compared to 83% across all industries.

Organizations are becoming more and more dependent on the cloud

In 2023, Rubrik found that cloud architecture stored 13% of an organization’s data, compared to 9% in 2022. In comparison, the on-premise share fell from 77% in 2022 to 70% in 2023. By External organizations experienced a cyberattack in 2023 Many were attacked across multiple aspects of their hybrid environment, with 67% of attacks affecting SaaS data, 66% the cloud, and 51% on-premises.

According to Rubrik Telemetry, the cloud poses an inherent risk based on security vulnerabilities and vulnerable sensitive data:

• Blind spot #1: 70% of all data in a typical cloud instance is object storage, which typically has far lower security coverage compared to other areas.
• Blind spot #2: 88% of all data in object storage is not verifiably machine-readable or covered by known security technologies and services.
• Blind spot #3: More than 25% of object storage data is subject to regulatory or legal requirements, such as: B. Protected Health Information (PHI) and Personally Identifiable Information (PII).

Ransomware continues to plague businesses

94% of IT and security leaders said their organization experienced a significant cyberattack in the past year, experiencing an average of 30 attacks during that period. A third of these victims suffered at least one ransomware attack.

93% of external organizations that suffered a ransomware attack reported paying a ransom demand, with 58% of these payments motivated primarily by threats to expose stolen data. 96% of senior IT and security leaders reported changes in their emotional and/or psychological state as a direct result of a cyberattack, with 38% worried about job security.

Leadership changes following cyberattacks are increasing, with 44% of companies reporting major staffing changes – up from 36% in 2022

The Rubrik Zero Labs report, “The State of Data Security: Measuring the Risk to Your Data,” was commissioned by Rubrik and conducted by Wakefield Research among 1,625 IT and security decision makers at organizations with 500 or more employees. About half of the respondents were CIOs and CISOs and half were VPs and directors of IT and security. The research was conducted between January 18 and 30, 2024 in the United States, United Kingdom, France, Germany, Italy, Netherlands, Japan, Australia, Singapore and India.