Cyber Attacks Shift to Target Smaller Hospitals

Healthcare providers represent 73 percent of total breaches.

By HFT Staff


Critical Insight announced the release of the firm’s H1 2022 Healthcare Data Breach Report, which analyzes breach data reported to the U.S. Department of Health and Human Services by healthcare organizations. 

With the healthcare industry continuing to be a top attack vector for cybercriminals and ransomware threat groups, H1 2022 saw an interesting change in targets as attackers moved from large hospital systems and payers — big targets that would likely yield the most data but also have more sophisticated defenses — to smaller hospital systems and specialty clinics that lack the same level of security preparedness, staff size or budget. 

Aside from this change in victim focus, attackers this half of the year hit the jackpot, with the Eye Care Leaders EMR breach, which exposed more than 2 million records. This trend of focusing on a systemic technology that is used across most healthcare providers is a trend that will continue throughout the remainder of 2022. 

Among the report’s key findings are these: 

  • Total breaches are declining. The number of reported breaches crested during the second half of 2020 when organizations were so distracted by the pandemic that attackers had an easier time breaching their defenses. Since then, the total number of breaches has slowly but steadily declined, from the peak of 393 to 367 in the first half of 2021, 344 in the second half of 2021, and 324 in the first half of this year. 
  • Total individuals affected. The latest numbers are encouraging, with roughly 20 million individuals affected in the first half of 2022, representing the third consecutive quarter of declining numbers, a 10 percent drop compared to the prior six-month period and 28 percent less than the first half of 2021. 
  • Who is getting breached? Healthcare providers represent 73 percent of total breaches, business associates represent 15 percent, and health plans 12 represent percent. The interesting trend is that breaches associated with healthcare providers dropped from 269 in the first half of 2021 to 238 in the first half of 2022. 
  • Most common breach causes. Hacks associated with network servers declined from a peak of 67 percent in the first half of 2021 to 57 percent in the first half of 2022. But electronic medical record-related breaches soared from zero in the first half of 2020 to nearly 8 percent of all breaches in the first half of 2022. 
  • When we look at which segments of the healthcare ecosystem had hacking/IT Incident type breaches, we’re now seeing smaller hospital systems and specialty clinics rising to the top. Breaches associated with health plans decreased by 53 percent, but attacks against business associates jumped by 10 percent, and attacks against providers went up 15 percent. 


August 31, 2022


Topic Area: Security


Recent Posts

Disinfectant Dispensers in Healthcare Facilities Often Fail to Deliver Safe Concentrations: Study

Study of 10 hospitals finds 90 percent have at least one dispenser delivering disinfectants at incorrect concentrations.


Duke University Health System Receives $50 Million for Proton Beam Therapy Center

The donation is the largest philanthropic gift received by Duke University Health System.


UT Southwestern Experiences Data Breach Through Calendar Tool

The incident occurred in October.


Protecting Patient Data: Strategies and Tactics

As cyber threats and breaches grow, healthcare organizations and facilities need a better approach to cybersecurity.


Duke Health to Acquire Lake Norman Regional Medical Center

The closing is projected for the first quarter of 2025.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.