Report: Attackers Targeting Smaller Healthcare Orgs
Bremerton, Wash.-headquartered Critical Insight, a Managed Detection and Response (MDR) service provider specializing in protecting the, announced via an Aug. 24 press release the publication its “H1 2022 Healthcare Data Breach Report.” The report analyzes breach data reported to the U.S. Department of Health and Human Services by healthcare organizations and saw an interesting shift in attackers targeting smaller hospitals that have less security preparedness, staff size, and budget.
The release says that “Aside from this change in victim focus, attackers this half of the year hit the jackpot, with the Eye Care Leaders EMR breach, which exposed more than 2 million records. This trend of focusing on a systemic technology that is used across most healthcare providers is a trend we anticipate continuing throughout the remainder of 2022.”
Key highlights from the report include:
- The total number of breaches has steadily declined, from the peak of 393 to 367 in the first half of 2021, 344 in the second half of 2021, and 324 in the first half of 2022
- Approximately 20 million individuals were affected by a data breach in the first half of 2022, a 10 percent drop compared to the previous six months and a 28 percent drop from the first half of 2021
- Healthcare providers represent 73 percent of total breaches, business associates represent 15 percent, and health plans represent 12 percent
- Hacks associated with network servers declined from a peak of 67 percent in the first half of 2021 to 57 percent in the first half of 2022
- EHR-related breaches increased from 0 percent in the first half of 2020 to almost 8 percent in 2022
- Breaches associated with health plans decreased by 53 percent, but attacks against business associates jumped by 10 percent and attacks against providers went up 15 percent
John Delano, healthcare cybersecurity strategist at Critical Insight and vice president at Christus Health, was quoted in the release saying that “Attackers are continuing to push the envelope and change the playing field when it comes to healthcare data breaches and attacks. This move from large hospital systems and payers to smaller entities that truly have a deficit when it comes to cyber defenses, shows a massive change in victims and approach. As we continue into 2022, we anticipate attackers to continue to focus on these smaller entities for ease of attack, but also for evasion of media attention and escalation with law enforcement.”
The full report can be accessed here.