Smaller Hospitals Are Larger Targets for Cyberattacks

Attackers moved from large hospital systems and payers to smaller hospital systems that lack the same level of security preparedness.

By HFT Staff


Even as hospitals and other healthcare facilities have made strides in recent years to improve their cybersecurity defenses, a growing number of attackers have changed the game by targeting a different group of facilities. 

Attackers moved from large hospital systems and payers, big targets that would likely yield the most data but also have more sophisticated defenses, to smaller hospital systems and specialty clinics that lack the same level of security preparedness, staff size or budget, according to a new report

With the healthcare industry continuing to be a top attack vector for cybercriminals and ransomware threat groups, the first six months of 2022 saw an interesting change in targets, according to the report from Critical Insight, a managed detection and response (MDR) service provider specializing in protecting the networks of life-saving organizations and critical infrastructure. The report, H1 2022 Healthcare Data Breach Report, analyzes breach data reported to the U.S. Department of Health and Human Services by healthcare organizations. 

Aside from this change in victim focus, attackers this half of the year hit the jackpot with the Eye Care Leaders electronic medical record (EMR) breach, which exposed more than 2 million records. 

Among the report’s findings: 

  • Total breaches are declining: The number of reported breaches crested during the second half of 2020 when organizations were so distracted by the pandemic that attackers had an easier time breaching their defenses. Since then, the total number of breaches has slowly but steadily declined, from the peak of 393 to 367 in the first half of 2021, 344 in the second half of 2021, and 324 in the first half of this year. 
  • Total individuals affected are declining: The latest numbers are encouraging with roughly 20 million individuals affected in the first half of 2022, representing the third consecutive quarter of declining numbers, a 10 percent drop compared to the prior six-month period and 28 percent less than the first half of 2021. 
  • Most common breach causes: Hacks associated with network servers declined from a peak of 67 percent in the first half of 2021 to 57 percent in the first half of 2022. But EMR-related breaches soared from zero in the first half of 2020 to nearly 8 percent of all breaches in the first half of 2022. 
  • One trend to watch: Looking at which segments of the healthcare ecosystem had hacking/IT Incident type breaches, the firm is seeing smaller hospital systems and specialty clinics rising to the top. Breaches associated with health plans decreased by 53 percent, while attacks against business associates jumped by 10 percent and attacks against providers went up 15 percent. 


September 20, 2022


Topic Area: Information Technology , Safety , Security


Recent Posts

17 Million Patient Records Stolen in PIH Health Ransomware Attack

A ransomware attack halted operations across three of PIH’s hospitals.


Holidays are Prime Times for Healthcare Cyberattacks

A study found that 86 percent of organizations that experienced ransomware attacks were targeted on a holiday or weekend.


Hartford Healthcare Forms Partnership to Open Health Equity Clinic

The new clinic will open in January 2025.


UCHealth Reveals Plans for Memorial Hospital North Expansion

Construction on the patient tower is slated for 2026 with a projected opening to patients in 2029.


What Are 'Hospi-tels'?

Hospitals and hotels are partnering to better cater to patients and families.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.