What You Ought to Know:
– Critical Insight, the Cybersecurity-as-a-Service supplier specializing in serving to crucial organizations Put together, Detect, and Reply in at present’s menace surroundings releases its H2 2022 Healthcare Knowledge Breach Report, which analyzes breach information reported to the U.S. Division of Well being and Human Companies by healthcare organizations.
– The variety of information breaches affecting healthcare suppliers declined within the second half of 2022, in line with a downward development over the previous two years, however a deeper dive into the info reveals that present breach totals are nonetheless increased than pre-pandemic ranges; breaches are affecting extra people; and hackers are shifting ways to assault weak hyperlinks within the healthcare system provide chain, most notably attacking EHR techniques.
Key Findings From the Healthcare Knowledge Breach in 2H 2022
The report reveals that whereas the variety of information breaches affecting healthcare suppliers declined within the second half of 2022, the variety of particular person data uncovered by these breaches elevated by 35%. The report additionally highlights the evolving ways of hackers and the necessity for healthcare organizations to prioritize preparation, detection, and incident response.
Key Findings:
● Breach numbers are down: Complete breaches dropped 9% between the primary six months of 2022 and the 12 months’s second half, declining since a high-water mark on the top of the pandemic from 393 breaches within the second half of 2020 to 313 within the newest reporting interval.
● Information affected are up: The variety of particular person data uncovered by breaches skyrocketed by 35% within the second half of 2022 to hit 28 million. In different phrases, fewer however extra important breaches mirror consolidation inside the business and the evolving ways of attackers.
● Hacking stays excessive: Most information breaches are as a consequence of hacking. Healthcare organizations have completed a superb job of shoring up their insurance policies round dealing with and storing medical data. Hacking accounted for 79% of all incidents and 84% of particular person data uncovered in 2022.
● Most typical breach causes: Unauthorized entry/disclosure now impacts extra data per breach than every other breach sort. On common, the variety of people affected per unauthorized entry/disclosure breach spiked from 5,700 within the first half of 2022 to over 143,000 within the second half. By comparability, the common variety of people affected per hacking breach grew from 73,900 to 87,000 in 2022.
● Who’s getting breached?: Attackers proceed to assault hospitals however have discovered growing success focusing on enterprise associates and third-party distributors reminiscent of digital medical file suppliers, legal professionals, accountants, billing firms, and medical machine producers. Within the second half of 2022, extra data had been uncovered as a consequence of breaches at enterprise associates (48%) than precise healthcare suppliers (47%).
● What we’re watching: Assaults in opposition to EMR techniques which had been non-existent in previous years, spiked to 7% within the first half of 2022 and 4% within the second half of 2022. For the total 12 months 2022, EMR-related breaches accounted for six million particular person data uncovered.
“As the healthcare industry continues to face a rapidly evolving threat landscape, it’s crucial for organizations to stay ahead of the curve and stay prepared,” mentioned John Delano, Healthcare Cybersecurity Strategist at Important Perception and Vice President at CHRISTUS Well being. “Our latest H2 2022 Healthcare Breach Report highlights the shifting tactics of attackers, who are now targeting smaller entities with weaker cyber defenses. Organizations must stay vigilant and proactively defend against these threats to protect patient data and maintain the trust of their patients and the public.”
This report gives priceless insights into the present state of healthcare breaches and the necessity for organizations to implement a complete safety technique, together with threat assessments, third-party threat administration, and incident response planning.
Author: Syed Hamza Sohail
Date: 2023-02-24 13:19:47
