Quality Over Quantity? An Intriguing Study on Healthcare Data Breaches
Authored by Kyle Kimerer

POV: It's finally the weekend. Zach Bryan just dropped his new self-titled album, you are watching the clock hit 5 PM, and you're anticipating the moment this evening when you can finally kick back, relax, enjoy a beverage or the company of friends, and be STRESS FREE!

Unless you're a healthcare professional.

Okay, I'm sorry. I know... #killjoy

But listen, I give it to you straight in this newsletter, and on this week's installment of #CyberFriday, we are going to take a look at the recent Healthcare Breach Report from Critical Insight. You can download it here, as long as you're cool with getting solicited emails. Oh, the things I do for you guys/gals.

So, here's the overview: although the first half of 2023 saw a drop in the overall number of data breaches in the healthcare space, there were a couple of heavy-hitting breaches that caused a major uptick in the overall number of individuals affected by those breaches.

Here are some numbers you might want to pay attention to:

(FYI: H1 and H2 just mean first half of a year and second half of a year, respectively)

These are the historical breach numbers over the past few years:

2021: H1 - 367; H2 - 344

2022: H1 - 349; H2 - 363

2023: H1 - 308

Hmm... so there have been, on average, 356 breaches per half-year over the past 4 half-years, and now we are seeing a 13.5% decrease for the first half of this year. However, the number of affected individuals went from 31 million in H2 of 2022 to 40 million in H1 of 2023.

But why?

To understand why, I think you first must understand how data breaches can happen.

According to the Critical Insight report, there are 5 types of breaches:

  1. Hacking/IT incidents
  2. Unauthorized access/disclosure
  3. Theft
  4. Loss
  5. Improper disposal

This is the crazy part. Hacking & IT incidents accounted for a whopping 73% of breaches in the first half of 2023. Now, we know that healthcare, and more specifically, healthcare providers, are a common target for hackers because of the potential profit they could pocket. But the thing that makes 2023 different from the historical attack landscape is that the angle hackers are taking is starting to change.

Rather than attackers looking to access a healthcare organization's network directly, we're now witnessing a rise in... let's call them adjacent attacks. What I mean by adjacent attacks is attacks on business partners, third parties, joint ventures, etc. Basically, if the hackers can breach a healthcare organization's partners, then they may find backdoors into the organization's network, or at least gain unauthorized access to personal health records.

In essence, there are fewer attacks, but more people affected by those attacks. And vulnerabilities are spread across a more consolidated healthcare industry.

Moreover, when considering the healthcare segments being targeted, here are the rankings from most targeted to least for the first half of '23.

  • Hospital Systems (33.33%)
  • Specialty Clinics (23.42%)
  • Behavioral Health (13.51%)
  • Services & Supplies (10.81%)
  • Physician Groups (10.81%)
  • Outpatient (4.5%)
  • Home Care (3.6%)

So, what should healthcare organizations do to stay protected and avoid data breaches as we head into the last quarter of 2023?

Well, first and foremost would be to prepare, prepare, prepare. Never assume that your incident response plan is foolproof, especially if you haven't tested it in some time. Remember that the faster you discover an attack event, the lower the chances that it becomes detrimental.

Another tip is to differentiate normal log activity from suspicious activity on your endpoints and servers. Investing in a SOC (Security Operations Center) or MDR (Managed Detection and Response) solution lets you outsource the labor of monitoring these logs.

Finally, I would ensure that you choose a partner you really trust. Not only should you trust in your partner's abilities to service your IT environment from top to bottom, but you also need to trust the people who make up your partner organization.

Alrighty, folks. That's the size of it for this week. Try to still enjoy your weekend, healthcare professionals.

#healthcareIT #cybersecurity #databreach #hacking #network #specialty #healthcare #hospital #systems #SOC #MDR #partnerships





