Healthcare Breach Report for 2020 Released by Critical Insight

3 min read

Editor's Note: The video above is the event replay of the live panel discussion on the findings from Critical Insight's 2020 Healthcare Cybersecurity Data Breach Report. Featuring CI's Experts and Healthcare CISO Nathan Wright, the panel weighed in on the report's findings, what it means for healthcare security and InfoSec teams in the coming year, and what you can do to mitigate the threats and risks to your organization. 

Following up on the half-year report analyzing the H1 2020 cyber security attack data against healthcare providers in the U.S., CI has recently released the full year's analysis in the Critical Insight - 2020 H2 Breach Report, which is available for download here. As the report's authors predicted, the frequency and severity of cyberattacks did increase in the latter half of the year - for some surprising findings.

The report provides timely information and advice to everyone tasked with cyber security decisions and protections in healthcare providers of all sizes. We would encourage all who fall into that category, and those in management positions, to download and read the report. And then, please act on the advice contained within.

This is an important topic at the best of times. But it is especially relevant now given the disruptions caused to healthcare operations due to the COVID-19 pandemic. Cybercriminals have been looking for ways to exploit the extreme pressures that healthcare providers have been under during 2020. The data from the second half of 2020 reveals that they have been succeeding.

Critical Insight predicts that we will see a further increase in cyberattacks against healthcare providers and suppliers in this sector during 2021 and beyond.

Key Takeaways from the 2020 Healthcare Cybersecurity Data Breach Report 

The data for cyberattacks that resulted in unauthorized access to information is even more stark. Healthcare providers must report data breaches that impact 500 or more records to the US Department of Health and Human Services. This data is published on the department's website for all to see. We have analyzed the data for H2 2020, and the results are grim reading. Here are some headline take-aways from the newly published report. 

  • Standard procedures for onboarding both staff and new IT systems often took a backseat in 2020. The focus was on providing patient care, mass COVID-19 testing, and the rollout of vaccination programs at the very end of 2020.
  • The data on the number of attacks against healthcare providers and their suppliers from H2 2020 shows that bad actors successfully exploited the increased attack surface created by pandemic-fueled healthcare changes.
  • There was a 36% increase in reported breaches in H2 over H1 (366 in H2 versus 270 in H1). 

Those figures are alarming enough, but the data on the source of the successful cyberattacks and breaches is possibly even more worrying. Attacks on business associates are way up. Download the report to get the full details, including stats and analysis of how many patient records were breached and how many were due to criminal activity.

Actions to Focus on Today

The report outlines key actions that all healthcare providers should take as soon as possible to mitigate the risk of cyberattacks in 2021 and beyond. Also, sign up for the discussion on the 17th of February, during which you'll be able to put questions to our expert panel.

One final tidbit from the report is worth repeating. When surveyed, 82% of hospital CIOs in in-patient facilities with under 150 beds reported that they are not spending an adequate amount on protecting patient records from a data breach.

We feel their pain in these extraordinary times. Help is available to maximize protections within the budgets available. CI's healthcare experts are available to assist CIOs, CISOs, and other professionals across the healthcare sector. Read the report, watch the panel discussion above, and reach out to us so we can help you protect your organization, staff, and patient data in 2021 and beyond.