14M patients affected by healthcare data breaches in 2024

At least 14 million patients in the U.S. have been affected by healthcare data breaches in 2024 so far, a threat brief by cybersecurity company SonicWall revealed. What's more, 91% of the healthcare data breaches that SonicWall researchers analyzed involved ransomware, highlighting the continued targeting of the U.S. healthcare sector.

SonicWall based its report on data from SonicWall Capture Labs, which uses machine learning to collect and retain data about attack vectors and threats in real time. The researchers concluded that healthcare remains a top target for exploitation by cyberthreat actors due to its data-driven nature and reliance on sensitive data.

"The rapid adoption of digital tools, AI and platforms during and after the COVID-19 pandemic has expanded the attack surface of healthcare organizations," the report noted. "Our data indicates a significant increase in ransomware attacks targeting the healthcare industry since 2022."

The research highlighted the growing prominence of ransomware actors that specialize in targeting healthcare, such as LockBit and ALPHV/BlackCat. For example, ALPHV/BlackCat claimed responsibility for the attack against Change Healthcare in February 2024, resulting in a massive data breach, a $22 million ransom payment and months of recovery time.

In addition to ransomware, the threat brief highlighted the prevalence of cyberthreat actors targeting healthcare by exploiting critical vulnerabilities. The data suggested that 60% of the vulnerabilities exploited by cyberthreat actors specifically targeted Microsoft Exchange, a widely used tool in healthcare.

For example, ransomware groups have been observed exploiting ProxyShell Exploit Chain and ProxyLogon vulnerabilities to gain access to servers and deploy ransomware. Some groups chain these vulnerabilities together to further strengthen their attack methods.

Other notable vulnerabilities targeted in the healthcare sector include the Citrix Bleed vulnerability and the PaperCut vulnerability. Unpatched vulnerabilities or reactive patching can leave healthcare organizations more vulnerable to the exploitation of these flaws.

The growing threat of ransomware and data breaches in healthcare has been well-documented by private cybersecurity companies and government entities alike. For example, in October 2023, HHS' Office for Civil Rights (OCR) stated that there was a 239% increase in large breaches reported to OCR involving hacking and a 278% increase in ransomware.

Defending against these mounting threats requires a proactive, multilayered approach, the SonicWall report suggested. A strong patch management program, strong authentication protocols and continuous monitoring can help healthcare organizations mitigate the risk of data breaches and protect patient information.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.