- Data breaches cost healthcare providers over $4 billion in 2019 as attacks became more frequent and sophisticated.
In fact, the Department of Health and Human Services investigated more than 300 cases in 2019; almost 32 million patients’ records were stolen in the first half of the year alone. That was double the total records stolen in all of 2018.
- A look at the ransomware attacks in the healthcare industry (US) throughout 2019 that made headlines includes:
Talley Medical Surgical Eyecare Associates in Indiana suffered an attack in April that may have breached 106,000 patient records.
Pleasant Grove in Utah suffered an attack that compromised 320,000 patient records.
The Cancer Center of Hawaii in December faced an attack that suspended radiation treatments for patients as administrators struggled to regain network access.
Biggest weak spots for healthcare providers
In 2019 a research found consumers thought web browsers (24%) and endpoint defenses (21%) were the weakest links in their providers’ cybersecurity defenses, both coming in above patient portal defenses (20%) and IoT defenses (14%).
Coming in close second for healthcare providers’ weakest threat protection link, according to consumers, is email phishing defenses (23%). In the past year, phishing attacks have become one of the most pertinent threats to healthcare providers, as they are used to deliver all types of malware payloads.
- A survey was administered in February 2020 to 1,000 US consumers aged 18+ and weighted for the US population by age, region, and gender.
- Here’s what was found:
Consumers have started paying more attention to healthcare breaches, and more of them have seen their data stolen in a breach.
Consumers increasingly hold healthcare providers responsible for securing their personal health information.
- As these attacks are covered in the media, consumers are growing more aware of the threat.
Nearly 80 percent of consumers indicated they were at least slightly aware of data breach and cyberattack news. Additionally, over a quarter of consumers said they were very aware of cybersecurity news, reading about it frequently.
- Growing patient awareness means that healthcare organizations -from hospitals to insurers and everyone in between- must pay closer attention to their data security going forward.
This is especially relevant because of the continuing trend toward consolidation in the healthcare field, as larger entities make even more attractive targets to threat actors.
- Healthcare organizations face a fraught threat landscape as some of the richest ransomware targets.
In 2019 alone, the number of ransomware attacks hospitals and other healthcare companies faced rose 60 percent year over year.
- This is a substantial increase in frequency, and dovetails into the rising cost of a data breach across industries. Recent Ponemon Institute research found that the cost of a successful cyberattack rose from an average of $7.1 million to $8.94 million per attack.
- Consumers now pay closer attention to news of data breaches and, with the alterations in fiscal responsibility, are also more cost conscious and experience minded than they have been in the past. With those two externalities to factor in, healthcare organizations need to take a hard look at their cybersecurity technology stack to ensure they are doing everything possible to protect patient data against a breach.
- Healthcare organizations need to understand that their risk of facing a cyberattack is higher than ever, and that the reputation risk they face is correspondingly higher too.