Healthcare attackers switch to smaller targets

While large healthcare providers have lots of juicy data to tempt cybercriminals, they are also likely to have strong defenses.

It's not too surprising then that a new report from managed detection and response provider Critical Insight shows that in the first half of this year attackers have shifted their attentions to smaller hospital systems and specialty clinics that lack the same level of security preparedness, staff size, or budget.

"Attackers are continuing to push the envelope and change the playing field when it comes to healthcare data breaches and attacks," says John Delano, healthcare cybersecurity strategist at Critical Insight and vice president at Christus Health. "This move from large hospital systems and payers to smaller entities that truly have a deficit when it comes to cyber defenses, shows a massive change in victims and approach. As we continue into 2022, we anticipate attackers to continue to focus on these smaller entities for ease of attack, but also for evasion of media attention and escalation with law enforcement."

Among other findings, overall breaches have declined since 2020, from a peak of 393 to 367 in the first half of 2021, 344 in the second half of 2021, and 324 in the first half of this year. This equates to roughly 20 million individuals affected in the first half of 2022, representing the third consecutive quarter of declining numbers, a 10 percent drop compared to the prior six-month period and 28 percent less than the first half of 2021.

Within the sector healthcare providers represent 73 percent of total breaches, business associates 15 percent, and health plans 12 percent.

When looking at the underlying cause of breaches, hacks associated with network servers declined from a peak of 67 percent in the first half of 2021 to 57 percent in the first half of 2022. But electronic medical record-related breaches soared from zero in the first half of 2020 to nearly eight percent of all breaches in the first half of 2022.

The full report is available from the Critical Insight site.

Image credit: scanrail/

Comments are closed.

© 1998-2023 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.