81% of UK Healthcare Organizations Hit by Ransomware in Last Year

More than four-fifths (81%) of UK healthcare organizations suffered a ransomware attack in the last year, according to a new study by Obrela Security Industries.

The survey of 100 cybersecurity managers in the health sector found that 38% of UK healthcare organizations have elected to pay a ransom demand to get their files back. However, 44% revealed they had refused to pay a demand but lost their healthcare data as a result.

The study also examined the broader consequences of cyber-attacks on healthcare organizations. Close to two-thirds (64%) of respondents admitted their organization has had to cancel in-person appointments because of a cyber-attack. Even more worryingly, 65% believe that a cyber-attack on their systems could lead to loss of life.

The study comes shortly after it was reported that the death of an infant in the US could be the first recorded fatality caused by ransomware.

George Patsis, CEO of Obrela, commented: “Healthcare organizations hold some of the world’s most sensitive data and our study shows many are completely unprepared for cyber-attacks. Threat actors target valuable confidential data, making healthcare a growing target, and ransomware is steadily picking up pace as today’s cyber-weapon of choice. However, most organizations will not be able to identify a data leakage or a security compromise before it is too late. The security community and the UK Government should use this data as a call to action to step in and assist.”

The survey coincided with Obrela’s Q3 Digital Universe Study, which found there was a 30% increase in attacks on healthcare industry IT infrastructure in Q3 compared to Q2 2021. A significant rise was observed across multiple attack vectors, including email security threats (36%), insider attacks (24%) and perimeter breaches (20%).

Patsis added: “Technology has been evolving very rapidly, and it has become a critical element of modern healthcare, but it has also become a significant part of the attack landscape. What is worrisome is that healthcare technology is often deployed and used without security in mind. Therefore, security professionals must consider that the risk profiles of those organizations are now higher, given the complexity of the underlying infrastructure, as well as the fusion of previously physically and logically separated technologies. In short, we need to act now, otherwise we will witness the loss of human lives.”

There have been numerous high-profile examples of healthcare organizations falling victim to ransomware attacks in 2021. These include the attack on Ireland’s health service, HSE Ireland, in May, which led to a number of hospital appointments being canceled.