The healthcare industry continues to be a prime target for ransomware hackers. New research by Rubrik Zero Labs reveals that ransomware attacks produce larger impacts against these healthcare targets. In fact, the report estimates that one fifth of all sensitive data belonging to healthcare organizations is impacted in each ransomware attack.
“Despite the fallout of cyberattacks dominating headlines, data risk is an issue that continues to be murky — especially in terms of what security teams can actually change and what they cannot,” said Steven Stone, head of Rubrik Zero Labs.
“The more we talk about cyber threats like ransomware, and its impact on industries like healthcare, the more we can collaborate to minimise the risk calculus and ultimately beat cyber attackers trying to impede our businesses.”
The Rubrik Zero Labs research unit pairs Rubrik telemetry across its customer base of more than 6,100 organisations with findings from a survey conducted by Wakefield Research of more than 1,600 IT and security leaders — half of which are CIOs and CISOs. Additionally, this study incorporated data from two Rubrik partner organisations and five other research organisations in an effort to provide the most objective findings.
If you liked this content…
With core focuses including the cyber threat landscape in the healthcare industry, cloud data security blind spots, and ransomware, key findings include:
Healthcare far surpasses the global average in sensitive data
- Rubrik observed that healthcare organisations secure 22 percent more data than the global average.
- A typical healthcare organisation saw their data estate grow by 27 percent last year.
- A typical healthcare organisation has more than 42 million sensitive data records — 50 percent more sensitive data than the global average of 28 million.
- Sensitive data records in observed healthcare organisations grew by more than 63 percent in 2023 — far surpassing any other industry and more than five times the global average (13 percent).
Ransomware produces outsized impacts against healthcare
- Ransomware attacks against observed healthcare organisations have an estimated impact of almost five times more sensitive data than the global average.
- This equates to an estimated 20 percent of a typical healthcare organisation’s total sensitive data holdings impacted every time there is a successful ransomware encryption event, compared to six percent for an average organization.
- Virtualisation really matters for healthcare and ransomware: 97 percent of all encrypted data in Rubrik observed healthcare organisations last year occurred within virtualised architecture compared to 83 percent across all industries.
As cloud becomes more widely adopted, new security blind spots emerge
- Organisations are becoming more dependent on the cloud. In 2023, Rubrik observed that cloud architecture stored 13 percent of an organization’s data, compared to nine percent in 2022. Comparatively, on-premises declined from 77 percent in 2022 to 70 percent in 2023.
- Of the external organisations victimised in a cyberattack in 2023, many were attacked across multiple aspects of their hybrid environment with 67 percent of attacks impacting SaaS data, 66 percent for the cloud, and 51 percent for on-premise locations.
- The cloud comes with inherent risk based on security blind spots and vulnerable sensitive data, according to Rubrik Telemetry:
- Blind spot #1: 70 percent of all data in a typical cloud instance is object storage, which typically has a far lower security coverage compared to other areas.
- Blind spot #2: 88 percent of all data in object storage is not confirmed as machine readable or covered by prominent security technologies and services.
- Blind spot #3: More than 25 percent of object storage data is subject to regulatory or legal requirements, such as protected health information (PHI) and personally identifiable information (PII).
