A recent study has found that healthcare providers remain the primary targets of cybercriminals. Fortified Health Security, a leading provider of healthcare security services, recently unveiled their 2023 Horizon report. The report highlighted the latest statistics and findings on the healthcare cybersecurity landscape. Remarkably, the report revealed that healthcare providers, health plans, and their business associates were the primary targets of cybercriminals in the last year. It also examined how federal and state agencies have increased their investments in healthcare cybersecurity programs due to a heightened awareness of new forms of data breaches in the healthcare sector.
In the report, the researchers found that the number of data breaches decreased slightly in 2022, yet the amount of exposed records rose from 49.4 million to 51.4 million. This figure, excluding the 2015 incidents of Anthem Inc. and Premera Blue Cross, accounts for the highest recorded amount of breached records in a single year. The data reveals that the severity of each breach is increasing, causing notable financial and reputational damage to the victims. In addition, healthcare providers remain the most common victims, representing 70 percent of all breaches. Furthermore, the share of breaches attributed to business associates increased from 15 percent in 2021 to 18 percent in 2022, while the proportion of health plans fell one percentage point to 12 percent.
Additionally, Fortified Health Security’s report found that over 78 percent of breaches in 2022 were a result of hacking and IT incidents. This is cause for concern as it is a stark increase from 2018’s 45 percent. Moreover, the report shows that in the past 12 months, over half of survey participants worldwide reported a successful hack that prevented access to data. The amount has increased by 23 percent since 2021. More than two-thirds of respondents are unconvinced that current security measures are enough to fend off malware or ransomware attacks, and 63 percent aren’t at all satisfied that their mission-critical data can be successfully retrieved following an attack.
The research also gave healthcare security professionals five cybersecurity priorities to concentrate on in 2023. Preventative strategies and resources are the first priority, followed by a comprehensive, forward-looking third-party risk management program that looks for potential risks instead of responding to existing ones. Multi-factor authentication should be instated by hospitals, and subsidies and grants should be taken advantage of, as many hospitals are already operating at a deficit. Finally, healthcare institutions should look to strengthen their security programs, going beyond HIPAA’s requirement for annual security awareness training in order to create a culture of security among staff.
“Hospitals and health systems faced tremendous pressures, both internally and externally in 2022 – and not just from a cybersecurity perspective, but also in terms of profitability, expenses, and staffing,” said Dan L. Dodson, CEO of Fortified. “We cannot let our guard down, as we anticipate a rise in large-scale breaches this year. The effects of these hacking incidents and breaches on healthcare are detrimental, and to mitigate this, we expect to see an increased investment by stakeholders in new cybersecurity solutions that reduce risk and increase their security posture in 2023.”
