Record 40 Million Individuals Exposed in Healthcare Cyber Breaches Despite Overall Decline
SEATTLE (BUSINESS WIRE) ‒ Critical Insight, the Cybersecurity-as-a-Service provider specializing in helping critical organizations Prepare, Detect, and Respond in today’s threat environment, today announced the launch of its H1 2023 Healthcare Data Cyber Breach Report. In this report, Critical Insight builds on its biannual analysis of data breaches reported by healthcare organizations to the U.S. Department of Health and Human Services (HHS).
Critical Insight unveils the state of cybersecurity in the healthcare industry and its complex dynamics through a comprehensive analysis of current cyber threats. Notably, the report revealed a decrease in total breaches but an increase in the number of individuals affected; the focus of attacks on the supply chain and third-party associates; and, particularly noteworthy, the shift in some attackers' strategies from encryption to extortion.
“The results of this analysis support the hypothesis that cybercriminals are continually evolving their tactics to minimize risk and maximize the return on effort,” said Mike Hamilton, Founder and CISO at Critical Insight. “Focusing on business associates that perform a service for covered entities should give all these providers pause. Fines, additional regulatory scrutiny, class actions, and enforcement of the false claims act will affect these organizations for years.”
While the first six months of the year saw an encouraging decrease in the overall number of data breaches impacting healthcare organizations, that decrease was overshadowed by large-scale breaches resulting in a significant increase in the number of individuals affected, which reached record levels. The report found that 2023 is on pace to break the record for individuals affected by breaches.
Critical Insight's analysis of breach data supplied to HHS reveals the following key findings.
“Our report found that hackers are increasingly targeting the weakest links and vulnerable points in the supply chain, specifically business associates or third-party companies that offer services to healthcare organizations, emphasizing the importance of effective incident response planning and proactive defense strategies,” said John Delano, Healthcare Cybersecurity Strategist at Critical Insight and Vice President at CHRISTUS Health. “Now more than ever, healthcare organizations must remain vigilant of their security and exposures within their supply chain as attackers constantly adapt new strategies.”
To adequately prepare, organizations should: start with an incident response plan and a NIST-CSF-based risk assessment to build a multi-year strategy; track the cyber hygiene of their critical partners, which is essential to maintaining a more secure environment; place robust focus on safeguarding third-party vendors, business associates, and suppliers from vulnerabilities; and ensure support from the board, emphasizing the most critical impact for the investment.
To download the report, please visit https://cybersecurity.criticalinsight.com/healthcare-breach-report-h1-2023.
About Critical Insight
Critical Insight is the only cybersecurity-as-a-service provider that prepares, monitors and responds to cyber threats, going beyond SOC-as-a-service offerings typical of Managed Detection and Response (MDR) offerings. With a focus on organizations that deliver critical services – hospitals, local governments, utilities, school systems, and more – we provide end-to-end support to those with limited security teams or budgets to handle threats proactively and as they occur. Based in Bremerton and Seattle, Washington, Critical Insight is a venture-backed company founded by former CISOs in the public sector. We are committed to training new analysts and providing the most up-to-date cybersecurity protection.
Critical Insight Media Inquiries:
Jake Milstein
Critical Insight
206-347-0588
jake.milstein@criticalinsight.com