- Some 337 breaches impacting 500 or more records have been reported to the HHS Office of Civil Rights so far this year, suggesting a slowdown from last year’s record health data breaches, according to a new report from cybersecurity firm Fortified Health Security.
- Healthcare providers saw the largest share of breaches at 72%, followed by business associates and health plans, which experienced 16% and 12% of all breaches in the first half of 2022 respectively, according to the report.
- Malicious attacks were the No. 1 cause of breaches for the sixth year in a row, with the percentage of incidents linked to hacking or IT incidents growing from 73% last year to nearly 80% of reported incidents, the report found.
Cyber criminals are continuing to target the healthcare industry, enticed by troves of records containing patients’ detailed personal information.
Fewer breaches have occurred so far this year than in 2021, when 368 were identified at the mid-year point, according to the report. Last year broke records for the number of patients whose data were affected by cyberattacks, according to cybersecurity firm Critical Insights.
The two largest breaches this year identified on HHS’ portal include one at New England medical imaging and outpatient surgical services provider Shields Health Care Group in March that exposed the data of 2 million patients.
Another hit a Colorado-based debt collections agency, Professional Finance Company, in February — potentially exposing almost 2 million patients' data and prompting the company to notify more than 650 of its healthcare provider clients that their records may have been compromised.
In the first half of the year, hacking and IT incidents accounted for 80% of breaches. Unauthorized access or disclosure accounted for 15% and loss, theft or improper disposal of records accounted for 5%, according to Fortified’s report.
Many organizations have been slow to adopt cybersecurity measures, while some have begun doing so over the past few years.
But attacks are becoming more sophisticated, “and it’s happening at a time when our industry continues to face a severe human capital shortage,” Dan Dodson, CEO of Fortified Health Security, said in a release on the report.
Artificial intelligence and machine learning technology is one available tool systems can leverage, the cybersecurity firm said.
Healthcare organizations that adopt security AI and automation can catch and put an end to breaches 27% quicker than those without such technology, according to the report.
For those employing the technology, breaches took 184 days to identify and 63 days to fully contain, according to the report.
For those without it, breaches took 239 days to identify and 85 days to contain.
Other tools systems can use include developing incident response plans and undergoing penetration testing, Dodson said in the release.