Critical Insight Releases 2020 H1 U.S. Healthcare Cybersecurity Data Breach Report

Healthcare Cybersecurity Firm Unveils Decline in Reported Healthcare Cyberattacks to Department of Health & Human Services, Expects Surge in H2

Seattle, WA — Critical Insight®, the mission-driven provider of Critical Insight Managed Detection and Response (MDR) services for critical systems and organizations, today announced the release of the 2020 H1 Healthcare Data Breach Report, which analyzes trends around reported data breaches and records breached from healthcare providers.

This has been a very challenging year since the first confirmed case of the novel coronavirus in the U.S. was reported in January. Despite the outbreak starting in the first half of 2020, data analyzed from the Health and Human Services (HHS) Office for Civil Rights (OCR) Breach Portal shows that the number of patient data records breached dramatically declined during the early stages of the pandemic.

Reports of Healthcare Breaches and Compromised Records Are Down in Early 2020

Critical Insight analysts assessment indicates that the number of breach reports in the first half of 2020 is down 10.4 percent compared to the second half of 2019, and the number of breached records is down nearly 83 percent, based on information that healthcare organizations are required to submit to HHS within 60 days of the discovery of any breach affecting more than 500 individual records.

“A combination of factors come into play for the numbers declining so precipitously during a global pandemic, including healthcare organizations misunderstanding HIPAA and COVID-19 exceptions issued during the pandemic, healthcare organizations simply being too busy to report, or organizations having been so distracted by the pandemic they are not aware they have already been breached,” said Drex DeFord, Executive Healthcare Strategist, Critical Insight.

“With the likely notion that some healthcare organizations are not accurately reporting attacks and breaches, this draws attention to the fact that there will likely be a dramatic increase in discovery in the next six months.”

Key Findings

  • A total of 3.8 million individual records were breached through hacking and IT incidents in the first half of 2020, compared to 30 million records breached over the prior six-month period. 
  • The first half of 2020 showed an 82 percent drop in records breached by healthcare providers (over the previous six-month period).
  • Email was the top source of breaches in the first half of 2020 (134), blamed for over 3M records breached in the first half of 2020, up 86 percent over the last half of 2019. 
  • Hacking consistently leads the way for total number of breach reports, accounting for 149 of the 249 breaches reported in H1 2020. 
  • Providers reported 18 percent fewer breaches in the first half of 2020, compared with the last six months of 2019. 

Early 2020 Impacts on Healthcare IT

The emergence of the COVID-19 global pandemic caused organizations to change business and clinical practices rapidly from rolling out work-from-home for employees, driving exponential increases in telehealth visits, and urgently acquiring and installing equipment, including Internet of Things (IoT) and Internet of Medical Things (IoMT).

Additionally, healthcare organizations extended capacity by quickly on-boarding previously retired clinicians, and temporary employees; added new locations for drive-thru testing and other needs; and connected to new suppliers. 

What's Next for Healthcare Security in H2 2020

Critical Insight anticipates that cyberattacks will surge over the next six months, given hospital records remain a high-value target for hackers; patient medical records are worth as much as ten times more than credit card numbers on the dark web. Healthcare organizations will require more cyber security vigilance than ever before.