What You Should Know:
– Critical Insight, the Cybersecurity-as-a-Service provider specializing in helping critical organizations Prepare, Detect, and Respond in today’s threat environment, releases its H2 2022 Healthcare Data Breach Report, which analyzes breach data reported to the U.S. Department of Health and Human Services by healthcare organizations.
– The number of data breaches affecting healthcare providers declined in the second half of 2022, in line with a downward trend over the past two years, but a deeper dive into the data shows that current breach totals are still higher than pre-pandemic levels; breaches are affecting more individuals; and hackers are shifting tactics to attack weak links in the healthcare system supply chain, most notably attacking EHR systems.
Key Findings From the Healthcare Data Breach Report in 2H 2022
The report shows that while the number of data breaches affecting healthcare providers declined in the second half of 2022, the number of individual records exposed by those breaches increased by 35%. The report also highlights the evolving tactics of hackers and the need for healthcare organizations to prioritize preparation, detection, and incident response.
● Breach numbers are down: Total breaches dropped 9% between the first six months of 2022 and the year’s second half, declining since a high-water mark at the height of the pandemic from 393 breaches in the second half of 2020 to 313 in the latest reporting period.
● Records affected are up: The number of individual records exposed by breaches skyrocketed by 35% in the second half of 2022 to hit 28 million. In other words, fewer but more significant breaches reflect consolidation across the industry and the evolving tactics of attackers.
● Hacking remains high: Most data breaches are due to hacking. Healthcare organizations have done a good job of shoring up their policies around handling and storing medical records. Hacking accounted for 79% of all incidents and 84% of individual records exposed in 2022.
● Most common breach causes: Unauthorized access/disclosure now affects more records per breach than any other breach type. On average, the number of individuals affected per unauthorized access/disclosure breach spiked from 5,700 in the first half of 2022 to over 143,000 in the second half. By comparison, the average number of individuals affected per hacking breach grew from 73,900 to 87,000 in 2022.
● Who’s getting breached?: Attackers continue to attack hospitals but have found increasing success targeting business associates and third-party vendors such as electronic medical record providers, attorneys, accountants, billing companies, and medical device manufacturers. In the second half of 2022, more records were exposed due to breaches at business associates (48%) than actual healthcare providers (47%).
● What we’re watching: Attacks against EMR systems, which were non-existent in previous years, spiked to 7% in the first half of 2022 and 4% in the second half of 2022. For the full year 2022, EMR-related breaches accounted for six million individual records exposed.
“As the healthcare industry continues to face a rapidly evolving threat landscape, it’s essential for organizations to stay ahead of the curve and stay prepared,” said John Delano, Healthcare Cybersecurity Strategist at Critical Insight and Vice President at CHRISTUS Health. “Our latest H2 2022 Healthcare Breach Report highlights the shifting tactics of attackers, who are now targeting smaller entities with weaker cyber defenses. Organizations must stay vigilant and proactively defend against these threats to protect patient data and maintain the trust of their patients and the public.”
This report provides valuable insights into the current state of healthcare breaches and the need for organizations to implement a comprehensive security strategy, including risk assessments, third-party risk management, and incident response planning.