According to a new report from Critical Insight, hackers are increasingly targeting small healthcare companies and specialized clinics that lack the resources to defend themselves.
While large healthcare systems, even despite having a huge amount of personal and medical data, usually have a more complex security system.
By the way, we talked about the fact that hackers used to have other priorities in medicine: Europe’s largest private hospital operator Fresenius attacked with Snake ransomware.
In addition to changing the focus on victim selection, attackers hit the jackpot this semester by hacking the Eye Care Leaders EMR system, exposing more than 2 million data. It is expected that the development of specialization on systems experience, which is used by the majority of healthcare providers, will continue until the end of 2022.
Key findings of the report:
- Overall hacks are down: The number of reported hacks peaked in the second half of 2020, when organizations were so distracted by the pandemic that it was easier for attackers to break into their defences. Since then, the total number of hacks has been slowly but steadily declining, from a peak of 393 to 367 in the first half of 2021, 344 in the second half of 2021, and 324 in the first half of this year.
- Total number of people affected: about 20 million people were affected in the first half of 2022, and this is the third consecutive quarter in which the figures have been declining – 10% less than in the previous half-year period and 28% less than in the first half of 2021.
- Who accounts for? Health care providers account for 73% of all violations, business partners for 15%, and insurance companies for 12%. An interesting trend is that the number of provider-related violations has decreased from 269 in the first half of 2021 to 238 in the same period of 2022.
- Most common causes of hacks: Electronic card (EMR) hacks rose from zero in the first half of 2020 to about 8% of all breaches during the same period this year. Network server hacks still account for the majority of hacks at 57%, although this is down from a peak of 67% in the first half of 2021.
- Looking at which segments of the healthcare ecosystem have been hacked/IT incidents, small hospitals and specialized clinics come out on top. Health insurer-related hacks decreased by 53%, but attacks against business partners increased by 10% and attacks against service providers increased by 15%.