40 million individuals exposed in healthcare data breaches
Despite an overall decline in the number of healthcare data breaches, the first half of this year has seen a record number of individuals have their information exposed.
The latest Healthcare Data Cyber Breach Report from security-as-a-service provider Critical Insight shows individual records compromised in data breaches increased by 31 percent in the first half of 2023 compared to the second half of 2022.
The number of individuals affected increased from 31 million in 2H 2022 to 40 million in 1H 2023. With the first half of this year at 40 million, the number in just a six-month reporting period is already 74 percent of the total number of individuals affected in 2022.
"The results of this analysis support the hypothesis that cybercriminals are continually evolving their tactics to minimize risk and maximize the return on effort," says Mike Hamilton, founder and CISO at Critical Insight. "Focusing on business associates that perform a service for covered entities should give all these providers pause. Fines, additional regulatory scrutiny, class actions, and enforcement of the false claims act will affect these organizations for years."
Total breaches in the sector, however, dropped 15 percent in the first six months of 2023 compared to the second half of 2022, which is a positive trend considering the steady increase in attacks over the past few years. This year is on track to record the fewest breaches since 2019 and experience fewer provider breaches compared to the previous three years.
Of the breaches that have occurred, hacking and IT incidents are the primary cause, accounting for 73 percent of breaches in 1H 2023. Unauthorized access/disclosure was the second-most prevalent breach type. Theft, losing records, and improper disposal were relatively insignificant contributors to data breaches.
The report also reveals a shift in hacker tactics towards targeting network vulnerabilities. Network server breaches are responsible for 97 percent of individual records affected, while only two percent can be attributed to email breaches. There's also been a move to third-party attacks, with 48 percent of exposed records linked to business associates.
The full report is available from the Critical Insight site.
Image Credit: Rob Hyron / Shutterstock