Healthcare data breaches down for the first half of 2023, but more people are affected.
Critical Insight’s 2023 Healthcare Breach Report delivers both good and bad news. While data breaches within the healthcare sector are on pace to be the lowest since 2019, the actual number of people affected in breaches is expected to surpass all previous years.
The report reveals that within the first half of 2023, 40 million Americans were impacted by 308 reported healthcare data breaches. In comparison to 2021 – when data breaches hit an all-time high – 58 million people were affected by data breaches for the entire year.
The increased number of records impacted is not only alarming, it also proves that cyber thieves have become more strategic in their attacks, gaining better results with fewer attempts.
Mike Hamilton, MS, CISSP, chief information security officer of Critical Insight, states that
“what seems to be going on is better targeting by criminals. These are basically illegal corporations, and they need to minimize risk, maximize their return on their effort.”
Hackers have had great success maximizing their efforts by using ransomware as an attack mode – ransomware accounts for 54% of all cybersecurity threats in healthcare. Attackers monetize PHI and sell on the Dark Web or hold an entity ransom, threatening the ability to provide patient care.
Data Breach Costs Soar Across All Industries
Patient records are a treasure trove of sensitive data, so it is no surprise that healthcare experiences the highest cost per data breach – 13 years in a row per IBM’s Cost of Data Breach Report – at an average of $10.93 million.
But other industries are also feeling the pain of costs surrounding data breaches. One cloud computing company fell victim to a ransomware attack in November of 2022, and originally reported that hackers gained access to personal data of 27 of its 30,000 customers. Today, Dark Reading reported that the same company has faced $10.8 million in recovery costs including investigation, remediation, staff resources and lawsuits surrounding the breach.
Regardless if data is stored within a network, in the cloud, or a hybrid of both, keeping track of where data resides and who has access is a challenge for any business. Security experts like Security Intelligence stress the importance for organizations to fortify their defenses – a “defending the fort” strategy that helps to secure data with best practices such as:
- Implementing Multi-Factor Authentication (MFA)
- Conducting Regular Security Awareness Training
- Focusing on Data Protection Measures – VPN, Strict Controls, Software Updates
- Collaborating With Financial Institutions and Law Enforcement
These practices are important steps to keep network parameters secure, but as the data breach reports reveal, cyber thieves are always finding new ways to hack into an organization’s system. Additional security measures, such as focusing on strong data encryption “devalues the data”, rendering it useless to hackers in the event of a breach.
Bluefin safeguards sensitive data from attacks every time your business gets paid, helping you process, defend, and devalue sensitive information that’s exchanged, while protecting you and your customers when data breaches happen. Learn how you can devalue your data with Bluefin.