A record amount of patient data was compromised last year due to cybersecurity incidents in the healthcare industry. With stresses including persistently underfunded security measures, the potential for Russian cyberattacks, and the development of an “exceptionally aggressive” ransomware gang in 2022, external threats like ransomware continue to be a source of worry in the sector.
Given that workers are responsible for nearly two-fifths of breaches, the Verizon research advises firms to look closely at their internal policies as well.
The Data Breach Investigations Report is based on information gathered from businesses that experienced cyber attacks between November 2020 and October 2021.
The top three causes of healthcare data breaches, according to the research, remained the same from the year before despite a change in their order.
Basic web application attacks, miscellaneous errors, and system intrusion together accounted for 76% of breaches in the healthcare sector.
Although errors continue to be a major issue, basic web application attacks, or attacks against a web-facing application, now account for around 30% of breaches, more than any other category.
Roughly 26% of breaches involved system intrusion, meaning sophisticated operations that use malware or hacking to accomplish their goals. About 21% of all security breaches were the result of miscellaneous errors, or inadvertent actions that directly impacted information security.
Despite not being a major contributing element in many events, Verizon discovered that privilege abuse—incidents brought on by workers’ unauthorized or malicious use of valid privileges—is three times more common in healthcare breaches than in other sectors.
“Internal actors accessing healthcare organizations’ data without authorization has been a long-standing issue.” The research stated that even if it is no longer among the top trends in healthcare, the issue should not be written off as resolved.
Nearly 60% of the data stolen in healthcare breaches was personal information, while 46% was medical information. For the second year in a row, Verizon discovered that personal data was compromised more frequently than medical data.
The cause of this shift is unknown, but it may indicate that businesses have strengthened the security surrounding medical data without providing analogous safeguards for personal data.
It could also imply that hackers are less interested in obtaining private medical data.
“Do we now see this as the standard for the one sector with a wealth of medical data? Is this because the actors are just starting to utilize encryption without thinking about the kinds of documents they are blocking access to? Only individuals who work in the sector can definitively say if they have tightened the safeguards surrounding their medical data while leaving their personal data in the waiting area,” according to the research.
According to the research, there were 849 incidents and 571 breaches in the healthcare sector last year. In terms of incidents alone, healthcare ranked behind education, information, manufacturing, and public administration, and it also trailed the financial and professional sectors in both incidents and breaches.