88 million People Impacted By Health Data Breaches This Year 

Even with two months left in 2023, more than 88 million individuals have been affected by breaches of private health data according to the Department of Health and Human Services in a breach settlement involving a health information.

Since 2019, there has been a 239% increase in large breaches reported to Office of Civil Rights (OCR) involving hacking, and with two months still left in 2023, the number of people affected by health data breaches has risen by 60% since 2022 with 220 hospitals affected by cyberattacks in just the first half.

Despite researchers and cybersecurity experts warning health systems about the risk that cyberattacks pose to patient care, the last 4 years has seen a 278% increase in ransomware.

“[…] ransomware attacks are increasingly common and targeting the health care system. This leaves hospitals and their patients vulnerable to data and security breaches. In this ever-evolving space, it is critical that our health care system take steps to identify and address cybersecurity vulnerabilities along with proactively and regularly review risks, records, and update policies. These practices should happen regularly across an enterprise to prevent future attacks,” said OCT Director, Melanie Fontes Rainer.

Jan Lovmand, CTO, BullWall offers this comment:

   “Ransomware attacks on hospitals have become a serious threat to public health and safety. These attacks not only disrupt the delivery of essential medical services, postponing critical surgeries and treatments and putting patients’ lives at risk, but also compromise the security of sensitive patient information. The impact of these attacks can be devastating, as they can leave hospitals struggling to recover their data and regain control of their systems. Whether the ransom is paid or not, the costs in dollars and lost patient care severely cripple these already struggling institutions.

   “Hospitals and healthcare organizations are particularly attractive targets for cybercriminals, and their reliance on technology to manage everything from patient records to surgical equipment makes them uniquely vulnerable. This is compounded by their limited resources to invest in cybersecurity measures. But with ransomware continuing to be a significant threat to these organizations, investments must be made to contain these attacks, eliminating the need to resort to a complete shutdown of IT systems, and healthcare services.”

Dave Ratner, CEO, HYAS follows with this:

“Healthcare organizations are increasingly under attack because of the value of the data they hold.  In addition to regularly reviewing risks, records, and updating policies, organizations need to assume that they will be breached and ensure that they have the required visibility internally to detect a breach, isolate it, and shut it down before the criminals exfiltrate and/or encrypt data.  Ensuring that they are resilient to breaches is the only path forward.”

While it’s been known for a while that healthcare is a prime target for threat actors, I have to admit that I never imagine that it would be so bad to have 88 million people affected by breaches related to health care.

And counting seeing as the year isn’t over yet.

Leave a Reply

%d bloggers like this: