H1 Healthcare report: Breaches down, victims up

Critical Insight has released its 2023 H1 Healthcare Data Breach Report, which despite an overall decrease of 15% in total breaches during the first half of 2023, there was a 31% increase in the number of individuals impacted by those breaches compared to the 2nd half of 2022.  

The decline in the number of breaches is a positive development and suggests a potential downturn in overall breaches for 2023, the lowest breach count since 2019. Unfortunately, the positivity is counterbalanced by the 40 million individuals impacted within six months, which is 74% of the total affected in 2022.  

  • 73% of the primary causes of the breaches were centered around hacking and IT incidents while unauthorized access and disclosure followed as the second most prominent
  • 97% of the compromised individual records were a result of exploited network server vulnerabilities

Also noteworthy is the increased targeting of the industries third-parties (48%) which surpassed those directly impacting the healthcare providers and health plans (43%). Also, of individuals affected, 50% were connected to a third party.

George McGregor, VP, Approov had this to say:   

“The percentage increase in breaches of healthcare business associates rather than core healthcare providers is in fact a worrying trend.  This may be related to increased adoption of open APIs (e.g. FHIR) to healthcare data. The security of the mobile apps and separate entities accessing healthcare APIs  has been previously flagged in a number of reports as a potential entry point for hackers.”

Healthcare is one of those prime targets for threat actors. Thus those in that sector need to do everything possible to make sure that they do not continue to be a prime target.

Leave a Reply

%d bloggers like this: