Cybersecurity-as-a-Service provider Critical Insight has released its 2023 H1 Healthcare Data Breach Report, offering a comprehensive analysis of the cybersecurity landscape within the healthcare sector. The report draws insights from reported data breaches submitted by healthcare organizations to the US Department of Health and Human Services (HHS).
Notably, the report indicates a 15% decline in total breaches during the first half of 2023 compared to the latter half of 2022, potentially signaling a year-long downturn in breaches, marking the lowest count since 2019.
However, this positive trend is offset by a significant 31% surge in the number of individuals affected by data breaches during H1 2023, compared to H2 2022. In total, 40 million individuals were affected within just six months, representing 74% of the total affected in the previous year. The leading causes of breaches were hacking and IT incidents, contributing to 73% of breaches in H1 2023.
Unauthorized access and disclosure were the second most prevalent types, while breaches due to theft, record loss, and improper disposal remained relatively minor.
The report highlights a notable shift in hacker tactics, with exploited network server vulnerabilities accounting for 97% of compromised individual records, while breaches arising from email vulnerabilities accounted for only 2%.
An intriguing revelation is the escalating targeting of third-party business associates, surpassing breaches affecting healthcare providers and health plans. Around 48% of compromised records were tied to business associates, compared to 43% linked to healthcare providers. Critical Insight’s healthcare cybersecurity strategist, John Delano, underscored the importance of proactive defense strategies and incident response planning in the face of these evolving threats, emphasizing the need to secure the entire supply chain and prioritize cybersecurity investments.