Report: Attackers Targeting Smaller Healthcare Orgs

Aug. 29, 2022
A recent report from Critical Insight analyzed breach data from the U.S. Department of Health and Human Services finding bad actors are targeting smaller hospitals with less security, staff, and budget

Bremerton, Wash.-headquartered Critical Insight, a Managed Detection and Response (MDR) service provider specializing in protecting the, announced via an Aug. 24 press release the publication its “H1 2022 Healthcare Data Breach Report.” The report analyzes ​​breach data reported to the U.S. Department of Health and Human Services by healthcare organizations and saw an interesting shift in attackers targeting smaller hospitals that have less security preparedness, staff size, and budget.

The release says that “Aside from this change in victim focus, attackers this half of the year hit the jackpot, with the Eye Care Leaders EMR breach, which exposed more than 2 million records. This trend of focusing on a systemic technology that is used across most healthcare providers is a trend we anticipate continuing throughout the remainder of 2022.”

Key highlights from the report include:

  • The total number of breaches has steadily declined, from the peak of 393 to 367 in the first half of 2021, 344 in the second half of 2021, and 324 in the first half of 2022
  • Approximately 20 million individuals were affected by a data breach in the first half of 2022, a 10 percent drop compared to the previous six months and a 28 percent drop from the first half of 2021
  • Healthcare providers represent 73 percent of total breaches, business associates represent 15 percent, and health plans represent 12 percent
  • Hacks associated with network servers declined from a peak of 67 percent in the first half of 2021 to 57 percent in the first half of 2022
  • EHR-related breaches increased from 0 percent in the first half of 2020 to almost 8 percent in 2022
  • Breaches associated with health plans decreased by 53 percent, but attacks against business associates jumped by 10 percent and attacks against providers went up 15 percent

John Delano, healthcare cybersecurity strategist at Critical Insight and vice president at Christus Health, was quoted in the release saying that “Attackers are continuing to push the envelope and change the playing field when it comes to healthcare data breaches and attacks. This move from large hospital systems and payers to smaller entities that truly have a deficit when it comes to cyber defenses, shows a massive change in victims and approach. As we continue into 2022, we anticipate attackers to continue to focus on these smaller entities for ease of attack, but also for evasion of media attention and escalation with law enforcement.”

The full report can be accessed here.

Sponsored Recommendations

Trailblazing Technologies: Looking at the Top Technologies for the Emerging U.S. Healthcare System

Register for the first session of the Healthcare Innovation Spotlight Series today to learn more about 'Healthcare's New Promise: Generative AI', the latest technology that is...

Data: The Bedrock of Digital Engagement

Join us on March 21st to discover how data serves as the cornerstone of digital engagement in healthcare. Learn from Frederick Health's transformative journey and gain practical...

Northeast Georgia Health System: Scaling Digital Transformation in a Competitive Market

Find out how Northeast Georgia Health System (NGHS) enabled digital access to achieve new patient acquisition goals in Georgia's highly competitive healthcare market.

2023 Care Access Benchmark Report for Healthcare Organizations

To manage growing consumer expectations and shrinking staff resources, forward-thinking healthcare organizations have adopted digital strategies, but recent research shows that...