By Jeff Wardon, Jr., Assistant Editor

Cyberattacks of all types are not only dangerous, but they are also increasingly common and costly. Henry Ford Health faced these in the fallout from a data breach in 2023 and the resulting class action lawsuit filed against them. 

Henry Ford Health agreed to a $700,000 settlement over a data breach class action lawsuit, according to court records. The lawsuit came after the healthcare organization began notifying individuals in July 2023 affected by a March 2023 data breach, which may have involved their compromised protected health information. Some of the individuals filed a class action lawsuit against Henry Ford Health in July 2023, alleging that the organization was responsible for the incident since they didn’t properly protect the information. While Henry Ford Health agreed to settle, they haven’t admitted to any wrongdoing in the case.  

The March 2023 data breach was the result of a phishing attack on the organization, as some of the patient information was contained in affected email boxes. 

Related: Healthcare Cyber Incidents by the Numbers

Phishing attacks such as the one Henry Ford Health experienced are growing more common. In fact, a survey from Spacelift says 94 percent of respondents experienced phishing attacks in 2023.  The report also revealed: 

• 95 percent of data breaches were driven by financial motivations. 
• 74 percent of phishing attacks that succeeded were somewhat due to human error. 
• In Q3 2023, 493.2 million phishing attacks were documented, which was up from 180.4 million from Q2 2023. 
• Among the security managers surveyed, 91 percent were not confident about the efficacy of standard security training. 
• Since ChatGPT’s release in November 2022, the number of phishing emails has increased by 1,265 percent. 

With the prevalence and risks of phishing, healthcare facilities must know how to detect and protect themselves from these attacks. The U.S. Federal Trade Commission (FTC) recommends four ways to shield oneself from phishing attempts: 

• Protect computers by making use of security software and set it to update automatically. 
• Protect cell phones by setting their software to update automatically. 
• Protect accounts by setting up multi-factor authentication (MFA), which requires two or more credentials to log in to an account. These extra credentials come in three types: 
  • Something one knows (such as a passcode, PIN or a security question answer) 
  • Something one has (such as a one-time verification passcode received via text, email or an authenticator app) 
  • Something one is (such as a fingerprint, retina or face scan) 
• Protect data by backing it up, both on computers and cell phones. 

Jeff Wardon, Jr., is the assistant editor for the facilities market.