Last year, cybersecurity events in the healthcare sector resulted in a record quantity of patient data being exposed. External threats such as ransomware continue to be a cause of concern in the industry due to pressures such as consistently underfunded security measures, the possibility of Russian cyberattacks, and the emergence of an “exceptionally active” ransomware gang in 2022.
The Verizon analysis recommends businesses carefully examine their internal procedures as well, given that employees are accountable for almost two-fifths of breaches.
Based on information obtained from organizations that faced cyberattacks between November 2020 and October 2021, the Data Breach Investigations Report was created.
Despite a shift in their ranking from the previous year, the research found that the top three reasons for healthcare data breaches did not alter.
Simple online application attacks, unintentional errors, and system penetration accounted for 76% of breaches in the healthcare industry.
Even though errors are still a big concern, attacks against web-facing programs, or simple web application assaults, now makeup around 30% of breaches, outpacing other kinds of issues.
System incursions, which are complex operations that utilize malware or hackers to achieve their objectives, accounted for around 26% of breaches. The cause of about 21% of all security breaches was unintentional or random behavior that adversely affected information security.
Verizon found that privilege abuse—incidents caused by employees’ unlawful or malicious use of valid privileges—is three times more frequent in healthcare breaches than in other industries, while not being a key contributing factor in many cases.
“Access to healthcare organizations’ data by inside actors without authority has long been a problem. According to the study, even if it is no longer one of the most popular healthcare trends, the problem shouldn’t be dismissed as fixed.
The personal information made up over 60% of the data taken in healthcare breaches, while medical data made up 46%. Verizon found that personal data was hacked more frequently than medical data for the second year in a row.
Although the reasons for this increase are unknown, they could be a sign that companies have improved the security surrounding medical data without offering comparable protections for personal data.
Do we now regard this as the standard for the one area with a plethora of medical data? It may also suggest that hackers are less motivated to get sensitive medical data. Is this a result of the actors only recently beginning to use encryption without considering the types of data they are preventing access to? According to the study, only people who work in the industry can absolutely state if they have tightened the security measures surrounding their medical data while leaving their personal information in the waiting room.
849 incidences and 571 breaches in the healthcare industry occurred last year, according to statistics. Healthcare fell behind the financial and professional sectors in terms of events and breaches, as well as education, information, manufacturing, and public administration in terms of occurrences alone.
