“Unveiling the Unseen: Critical Insight’s Provocative H1 2023 Report”

Report Highlights Decrease in Total Breaches, but Increase in Individuals Affected

In its newly released H1 2023 Healthcare Data Cyber Breach Report, Critical Insight, a leading cybersecurity-as-a-service provider, reveals the current state of cybersecurity in the healthcare industry. The report highlights a decrease in the total number of breaches, but a concerning increase in the number of individuals affected. Furthermore, it uncovers a shift in attackers’ strategies from encryption to extortion and emphasizes the growing focus on supply chain and third-party associates as targets of cyberattacks.

Breach Numbers Decrease, but Individuals Affected Reach Record Levels

The report shows a promising trend with a 15% decrease in total breaches during the first six months of 2023 compared to the second half of 2022. This suggests that the overall number of breaches in 2023 may be the lowest since 2019. However, this positive news is overshadowed by the fact that the number of individuals affected by data breaches has significantly increased. In just the first half of the year, there was a 31% surge in compromised individual records compared to the second half of 2022. The number of individuals affected reached a record high of 40 million, putting 2023 on track to break the previous year’s record.

Hacking/IT Incidents Remain the Primary Cause of Data Breaches

Hacking and IT incidents continue to be the leading cause of data breaches in the healthcare industry, accounting for 73% of breaches in the first half of 2023. However, unauthorized access and disclosure have become the second-most prevalent breach type during this reporting period. Theft, accidental loss of records, and improper disposal play a relatively insignificant role in data breaches.

Hackers Target Network Vulnerabilities and Third-Party Business Associates

The report emphasizes the evolving tactics of hackers, who now focus on targeting network server vulnerabilities. Network server breaches were responsible for a staggering 97% of the individual records affected. In contrast, email breaches accounted for only 2%. Hackers have also intensified their attacks on third-party business associates, which exceeded the number of individuals affected in breaches related to healthcare providers and health plans. This highlights the importance for healthcare organizations to strengthen incident response planning and proactive defense strategies to protect their supply chain and mitigate vulnerabilities.

Expert Opinion and Advice

Mike Hamilton, Founder and CISO at Critical Insight, warns that healthcare organizations should be concerned about the consequences of breaches impacting their business associates. Fines, regulatory scrutiny, class actions, and enforcement of the false claims act can have long-lasting effects on these organizations. Healthcare Cybersecurity Strategist at Critical Insight, John Delano, emphasizes the need for healthcare organizations to remain vigilant and prioritize security within their supply chain.

Proactive Measures and Recommendations

Critical Insight provides recommendations for healthcare organizations to adequately prepare and protect themselves:

• Develop an incident response plan and conduct a NIST-CSF-based risk assessment to build a multi-year strategy.
• Monitor the cyber hygiene of critical partners essential to maintaining a secure environment.
• Place a strong focus on safeguarding third-party vendors, business associates, and suppliers from vulnerabilities.
• Ensure support from the board by highlighting the critical impact of security investments.

Conclusion

The H1 2023 Healthcare Data Cyber Breach Report by Critical Insight sheds light on the evolving cybersecurity landscape in the healthcare industry. While the number of breaches decreased, the number of individuals affected reached record levels. The report emphasizes the growing risks associated with supply chain and third-party business associates, as well as the need for healthcare organizations to proactively prepare and respond to cyber threats. To ensure the security of patient data and protect their reputation, healthcare organizations must remain vigilant and strengthen their cybersecurity measures.