Data Breaches 2022: A Comprehensive Industry-Wise Overview
Data breaches are becoming more prevalent, affecting organizations across all industries without exception.
Service providers in the healthcare industry are responsible for the confidentiality of the data they store and process. Unfortunately, the healthcare industry has its fair share of cyber attacks. Between June 2020 and December 2021, the healthcare industry was the target of over 300 cyber attacks in 35 countries, including 165 confirmed and 98 suspected ransomware attacks.
Furthermore, over 90% of healthcare organizations have reported a security breach in the past few years, with hospitals alone accounting for 30% of all major data breaches. Forbes reports that 53% of businesses in the pharmaceutical and biotech sectors have experienced cyberattacks. This article will spotlight the top cybersecurity threats that will probably impact the healthcare industry this year.
IoT has been put to good use in the healthcare industry over the last few years, and the market size for healthcare IoT is expected to grow from USD 60.83 billion in 2019 to USD 260.75 billion in 2027, a compound annual growth rate (CAGR) of 19.8%.
However, over 53% of connected devices are vulnerable to cybersecurity attacks. Even as their use increases, vulnerabilities in connected devices and the lack of security measures implemented by healthcare companies pose cyber risks.
The demand for IoT devices is only expected to rise in the coming years, and the responsibility for their security will shift from manufacturers to cybersecurity specialists. Those specialists will therefore need stronger IoT cybersecurity strategies to keep up with the ever-changing landscape of healthcare IoT.
For the past 12 years, the healthcare industry's average cost of a data breach has been higher than in any other industry, making data breaches one of healthcare’s greatest challenges. The healthcare industry is notorious for its reliance on data storage for sensitive information like patient health records, insurance details, and even social security numbers.
Cybercriminals will resort to any means necessary to obtain such information and then use it maliciously, including but not limited to identity theft, fraud, and other forms of cybercrime. Data breaches pose a serious threat to the healthcare sector, with the potential for data leakage, reputational harm, and catastrophic financial losses.
According to IBM’s annual report, the average cost of a healthcare data breach in the US was $10.1 million in 2022. The Health Insurance Portability and Accountability Act (HIPAA) is just one example of a law that imposes stringent cybersecurity regulations on the healthcare industry.
Aside from compliance requirements, limiting and helping to prevent data breaches requires proper implementation of third-party risk management, data encryption, secure networks, and devices.
After the pandemic, ransomware attacks skyrocketed by about 105% in 2021, with the healthcare sector bearing more than its fair share of the burden. Cybercriminals know healthcare providers are extremely vulnerable to ransomware attacks because of the disruption such attacks can cause to critical systems and their data, which makes providers a prime target. One of the major ransomware attacks targeted the Common Spirit Hospital, Chicago; the attack compromised the data of 630,000 patients.
In addition, professional cybercriminals have developed a variant of the product as a service model (BaaS) called Ransomware as a Service (RaaS), which enables anyone with even minimal technical expertise to launch a ransomware attack.
A thorough assessment of the cybersecurity vulnerabilities typically exploited during ransomware attacks is the best practice for preventing such attacks. Security measures such as strong passwords, multi-factor authentication (MFA), and staff education can help keep healthcare networks safe from cyber attacks.
The vast majority of phishing attacks take the form of email phishing, also known as business email compromise (BEC), which entails sending emails that look very convincing and typically reference a well-known medical disturbance to incentivize link clicking. As of 2022, phishing attacks constituted 50.7% of all healthcare-related cyberattacks. For example, CSI Laboratories, the cancer research facility, was the victim of a phishing attack in which one of its employees’ email accounts was compromised, exposing the personal data of 244,850 patients.
DDoS attacks are a type of cyberattack in which multiple computers work together to overload a target’s network server and make it unavailable. As they don’t require compromising a network, DDoS attacks can be deployed on a larger scale and cause the same disruption as ransomware attacks.
In January 2023, 14 hospitals in the United States were hit by a distributed denial of service (DDoS) attack, including Stanford Healthcare, Duke University Hospital, and Cedars-Sinai. The attack took down the hospitals’ websites and caused devastating damage.
The healthcare industry will be vulnerable to cyberattacks in 2023, and the growing importance of IoT in the sector makes it more so. The most serious cybersecurity threats to healthcare companies are data breaches, ransomware attacks, phishing attacks, and DDoS. Healthcare companies must prioritize cybersecurity and invest in advanced technologies to protect their patients’ data and IT infrastructure.