Rubrik Report: Ransomware Devastates Healthcare As One-Fifth of Sensitive Data Lost per Attack
Recent cyber incidents demonstrate the healthcare industry continues to be a prime target for ransomware hackers. New research by Rubrik Zero Labs reveals that ransomware attacks produce larger impacts against these healthcare targets. In fact, the report estimates that one-fifth of all sensitive data belonging to healthcare organisations is impacted by each ransomware attack.
Rubrik Zero Lab’s new “The State of Data Security: Measuring Your Data’s Risk” report offers insights on real-world risks against data as the pace and volume of cyber events continues to increase globally, aided by the explosion of data in the cloud and the realities of modern computing environments. Rubrik Zero Labs studies the challenges organisations face to protect their crown jewels – their data – as well as how to reduce data risk and prepare for the evolving risk cycle before, during, and after a cyberattack.
“With the surge in digital service delivery and cloud adoption, the region faces escalating cyber threats, posing significant risks to sensitive data, especially in healthcare where vast amounts of information are handled. There’s a pressing need for deeper collaboration between government, industry, and other stakeholders in fortifying cyber resilience in Asia, particularly in critical sectors like healthcare,” said Abhilash Purushothaman, Vice President & General Manager, Asia at Rubrik.
“Singapore has the unique added challenge of an ageing population, which will inevitably lead to a growth in healthcare data. We need to acknowledge and take action against the evolving cyber threat landscape, including the alarming rise of ransomware attacks, by bolstering our first and last line of defences and minimising the impact of potential breaches targeting critical data. By comprehensively examining these challenges and working collectively, the nation can enhance its cyber resilience posture, enabling quicker and more predictable recovery from cyberattacks while reducing data security risks.”
The Rubrik Zero Labs research unit pairs Rubrik telemetry across its customer base of more than 6,100 organisations with findings from a survey conducted by Wakefield Research of more than 1,600 IT and security leaders – half of which are CIOs and CISOs. Additionally, this study incorporated data from two Rubrik partner organisations and five other research organisations in an effort to provide the most objective findings. With core focuses including the cyber threat landscape in the healthcare industry, cloud data security blind spots, and ransomware, key findings include:
Healthcare Far Surpasses the Global Average in Sensitive Data
-
Rubrik observed that healthcare organisations secure 22% more data than the global average.
-
A typical healthcare organisation saw its data estate grow by 27% last year.
-
A typical healthcare organisation has more than 42 million sensitive data records – 50% more sensitive data than the global average of 28 million.
-
Sensitive data records in observed healthcare organisations grew by more than 63% in 2023 – far surpassing any other industry and more than five times the global average (13%).
Ransomware Continues to Wreak Havoc across Organisations in Singapore – and IT and Security Teams
-
99% of IT and security leaders in Singapore reported their organisation experienced a significant cyberattack last year – the joint highest across markets.
-
Organisations surveyed in Singapore also faced an average of 43 attacks in that timeframe, the highest number of reported attacks across all regions. 41% of organisations reported they endured at least one ransomware attack.
-
96% of external organisations that endured a ransomware attack reported paying a ransom demand, with 51% of these payments motivated primarily by threats to leak stolen data.
-
98% of senior IT and security leaders in Singapore reported changes to their emotional and/or psychological state as a direct result of a cyberattack, with 38% worrying over job security.
-
Leadership changes increased following cyberattacks, reported by 49% of organisations in Singapore.
Ransomware Produces Outsized Impacts Against Healthcare
-
Ransomware attacks against observed healthcare organisations have an estimated impact of almost five times more sensitive data than the global average.
-
This equates to an estimated 20% of a typical healthcare organisation’s total sensitive data holdings impacted every time there is a successful ransomware encryption event, compared to 6% for an average organisation.
-
Virtualisation really matters for healthcare and ransomware: 97% of all encrypted data in Rubrik observed in healthcare organisations last year occurred within virtualised architecture compared to 83% across all industries.
As the Cloud Becomes More Widely Adopted, New Security Blind Spots Emerge
-
Organisations are becoming more dependent on the cloud. In 2023, Rubrik observed that cloud architecture stored 13% of an organisation’s data, compared to 9% in 2022. Comparatively, on-premises declined from 77% in 2022 to 70% in 2023.
-
Of the external organisations victimized in a cyberattack in Singapore last year, many were attacked across multiple aspects of their hybrid environment with 70% of attacks impacting SaaS data, 67% for the cloud, and 46% for on-premises locations.
-
The cloud comes with inherent risk based on security blind spots and vulnerable sensitive data, according to Rubrik Telemetry:
-
Blind spot #1: 70% of all data in a typical cloud instance is object storage, which typically has a far lower security coverage compared to other areas.
-
Blind spot #2: 88% of all data in object storage is not confirmed as machine-readable or covered by prominent security technologies and services.
-
Blind spot #3: More than 25% of object storage data is subject to regulatory or legal requirements, such as protected health information (PHI) and personally identifiable information (PII).
-
Rubrik Zero Labs, the company’s data security research unit formed to analyse the global threat landscape, reports on emerging data security issues to give organisations research-backed insights and best practices to secure their data against increasing cyber events.
To read the full report, visit here.