Is Healthcare Cybersecurity Getting Worse?
Despite a minor decrease in the number of attacks against healthcare organizations from 2021 (715 breaches) to 2022 (707 breaches), the severity of attacks, measured by records compromised, continued to increase.
The breach of OneTouchPoint Inc. saw 4,112,892 records compromised. It was the largest healthcare data breach of 2022 and the 9th largest of all time. The breach of Advocate Aurora Health saw more than 3 million patients’ data compromised. It was the 2nd largest healthcare breach of 2022 and the 10th largest of all time.
Other study results indicated that:
Third-party Vendors a Primary Cause of Healthcare Data Breaches
The report found that insecure third-party vendors were a consistent cause of high-impact data breaches. Both the worst healthcare breach of 2022 and the second worst of all time came as a result of Business Associates failing to properly secure patient information.
Dark Web Incentivizing Healthcare Cyberattackers
The report found that patients’ healthcare data obtained through cyberattacks is most commonly sold. On the dark web, an individual healthcare record can be worth as much as $250. According to the report’s author, Aaron Weissman, “A complete medical record contains all of someone’s personal identifying information. That information can be used to register identification documents or apply for credit cards. Even incomplete medical records can be aggregated with other stolen information to create a complete individual identity profile.”
Basic Cybersecurity Practices Lacking in Healthcare
The report challenges the narrative that the increasing severity of cyberattacks is a result of the increasing sophistication of malicious actors. In many of the worst data breaches on record, investigators found that even basic cybersecurity practices were lacking.
In the worst healthcare breach of all time, investigators cited “a lax credential management policy and a lack of a risk management program” as a causal factor in the attack. The second largest healthcare data breach of all time was “determined to have occurred because of the lack of a cybersecurity program.”
To see the complete findings, including a full breakdown of the largest healthcare breaches by records stolen and damage incurred, with full-color charts, please visit the study here.
About Network Assured
Network Assured is a free, independent advisory that helps businesses price cybersecurity services, perform due diligence, and find better vendors. Learn more at www.NetworkAssured.com.