High-risk sectors for cyber attacks.
As the number of healthcare data breaches and cyber-attacks continues to rise, it’s imperative to understand the most concerning statistics from the last 12 months. Healthcare organizations, including hospitals, care centers, and pharmacies, are prime targets for cybercriminals because they handle vast amounts of personal and sensitive data that can be of high value to criminal groups. Additionally, many healthcare organizations do not have the financial resources to invest in cutting-edge security technologies, making them easier targets for various types of cybercrime.
The COVID-19 pandemic has added to the challenges faced by the healthcare industry, with cybercriminals exploiting the situation to target both individual and nation-state-backed groups. Here, we take a closer look at 25 of the most alarming data breaches in the healthcare sector, focusing on five key areas.
Key Healthcare Data Breach Statistics
In 2021, more than 40 million patient records were compromised in the United States, leading the FBI to issue warnings about the risk of cybercrime in the healthcare sector. A report from Protenus found that over 50 million patient records were breached last year, with a 44% rise in the number of hacking incidents in healthcare organizations. The largest data breach reported in 2021 affected over 3 million individuals, with a total of 22.6 million patients affected by healthcare data breaches.
In the United States, there were over 600 reported healthcare breaches in 2021. Data breaches in the healthcare sector increased by 42% in 2020, and 60% of reported ransomware attacks targeted the sector.
Which Sectors Are Most At Risk From Healthcare Cyber-Attacks?
A survey of 100 hospital IT executives revealed that small and mid-sized hospitals are the most vulnerable to cyber-attacks, with 48% of executives reporting that their organization had been forced to shut down due to a cyber-attack in the past six months. For larger hospitals, the average shutdown time was over 6 hours, costing $21,500 per hour, while smaller hospitals regularly saw shutdowns lasting over 9 hours, at a cost of $47,500 per hour.
Third-party organizations were found to be frequent targets of cybercriminals, with 60% of healthcare data breaches in 2021 caused by third-party vendors. Medical suppliers were also a common target, while pharmaceutical companies saw a rise in data breaches, with 53% caused by malicious activities. Care homes were also high-value targets for cybercriminals due to their low security budgets and valuable personal data.
In Europe, healthcare data breaches related to cybercrime continue to rise, with the UK experiencing the WannaCry ransomware attack in 2017, which led to increased cybersecurity controls. The German government reported a doubling of healthcare cyber-attacks in 2020, with France reporting 27 breaches last year.
What Cyber Threats Are Healthcare Organizations Most At Risk Of?
Ransomware: Healthcare organizations are most at risk from ransomware attacks, with 68 ransomware attacks taking place globally between July and September of last year, 60% of which occurred in the United States, with medical clinics being the most frequently targeted. A report from Sophos found that 34% of healthcare organizations globally were affected by ransomware in 2020, with 65% reporting successful encryption by cybercriminals and 34% paying the ransom to regain access to their data.
The average cost of remediation for a ransomware attack in healthcare is $1.27 million, with the average total cost per incident being $4.6 million. The healthcare sector saw a 45% increase in ransomware attacks in 2021, and 41% of healthcare organizations that have not yet been targeted believe they are likely to be in the future. Tragically, ransomware attacks can result in patient deaths due to hospital database and equipment shutdowns.
Additionally, it is important for healthcare organizations to regularly update and patch their systems to address any vulnerabilities. Conducting regular security audits and risk assessments can help to identify any potential weaknesses in the system and ensure that appropriate measures are in place to address them.
Encryption of sensitive data is also a crucial step in preventing data breaches. This helps to ensure that if the data is somehow accessed by unauthorized individuals, it will be unreadable and thus useless to them.
It is also important for healthcare organizations to have an incident response plan in place, so that in the event of a data breach, they are prepared and can respond quickly to minimize the damage. This should include steps for identifying and containing the breach, notifying affected individuals and authorities, and conducting a thorough investigation to determine the cause of the breach.
Finally, healthcare organizations should also have robust backup and disaster recovery procedures in place, to ensure that they can quickly recover from any data loss or disruption. This includes regularly backing up sensitive data and storing backups in a secure, off-site location.