Getty Images/iStockphoto

Health Sector Suffered 337 Healthcare Data Breaches in First Half of Year

Providers accounted for the highest number of healthcare data breaches so far this year, followed by business associates and health plans.

Fortified Health Security’s mid-year report on the state of healthcare cybersecurity observed slight shifts in healthcare data breach trends in the first half of 2022. The HHS Office for Civil Rights data breach portal showed that there have been 337 healthcare data breaches impacting more than 500 individuals each in the first half of this year, signifying a slight decrease from 368 at this time last year.

“While the number of healthcare cybersecurity reported breaches has leveled off after meteoric rises over the past several years, hospitals and health systems still cannot breathe a sigh of relief,” the report stated.

“The percentage of healthcare breaches attributed to malicious activity rose more than 5 percentage points in the first six months of 2022 to account for nearly 80 [percent] of all reported incidents.”

Fortified Health Security studied incident response, cyber program effectiveness, the MITRE ATT&CK framework, and the growing prevalence of artificial intelligence (AI) in cybersecurity to inform its mid-year report.

In its analysis of the OCR data breach portal, the organization found that healthcare providers accounted for 72 percent of the healthcare data breaches in the first half of the year, followed by business associates at 16 percent and health plans at 12 percent.

Despite 2022 numbers plummeting down by about 40 percent in terms of number of records affected compared to 2021, the number of records of affected in the first half of this year was 138 percent higher than the first half of 2020. More than 19 million records have been implicated in healthcare data breaches so far this year.

“Equally disturbing is the small number of healthcare entities responsible for a large percentage of breached records,” the report continued.

“Seven entities experienced breaches of more than 490,000 records each, which account for 6.2 million records — 31 [percent] of the 2022 totals so far. Affected entities included a Florida hospital (1.35 million records), an imaging provider (2 million records), a California health plan (854,000 records), a business services provider (500,000 records), and a billing company (510,000 records). Attackers know where they can achieve the most bang for their nefarious buck.”

Hacking/IT incidents accounted for 80 percent of incidents in the first half of 2022 compared to 73 percent at this time last year. Unauthorized access/disclosure accounted for 15 percent of breaches, and loss, theft, or improper disposal accounted for only 5 percent of breaches.

The report cited the healthcare sector’s ongoing cybersecurity workforce shortage and problems with obtaining cyber insurance as some of the potential contributing factors to the current breach trends.

To combat these challenges, the report suggested that healthcare cybersecurity professionals engage in regular vulnerability scans and penetration testing to safeguard data and prevent cyberattacks.

“The cybersecurity exercise, known as red teaming, uses the same tactics that bad actors deploy during their attempts to infiltrate healthcare IT systems,” the report explained.

“Tactics could include targeted spear phishing, social engineering, or the exploitation of any vulnerability the red team discovers during their simulated cybersecurity attack. Like an MRI or a blood test, the red team cybersecurity exercise is diagnostic in nature, designed to test the resilience of your healthcare cybersecurity program.”

In addition, researchers suggested that healthcare organizations consider implementing emerging AI and machine learning (ML) security offerings to bolster cyber infrastructure. For example, organizations may consider using security information and event management (SIEM) platforms, which consume log data from firewalls, email security systems, and endpoint security systems to produce insights about threat prioritization.

“The emerging importance of AI/ML security technologies doesn’t mean hospitals must rip-andreplace software and completely redesign workflows,” the report also noted.

“Any investment involves tradeoffs among what a tool is expected to do, its cost, and the time/effort required to deploy that tool effectively throughout the organization. Depending on an organization’s size and IT maturity level, some technologies — however effective — may not be worth that time/money/effort.”

Organizations should consider how labor shortages are impacting their IT staff, what technologies could help ease the burden on a short-staffed team, and how new technologies will be implemented.

The report also recommended that healthcare organizations use the open-source MITRE ATT&CK to understand gaps in detection and response, mature their cyber infrastructure to prepare for major intrusions, and implement a strong incident response plan and employee training.

Next Steps

Dig Deeper on Cybersecurity strategies