Critical Insight Finds Healthcare Data Breach in H2 2022 Higher than Pre-Pandemic Levels Affecting More Individuals

SEATTLE--(BUSINESS WIRE)--Critical Insight, the Cybersecurity-as-a-Service provider specializing in helping critical organizations Prepare, Detect, and Respond in today’s threat environment, announced today the release of the firm’s H2 2022 Healthcare Data Breach Report, which analyzes ​​breach data reported to the U.S. Department of Health and Human Services by healthcare organizations. The number of data breaches affecting healthcare providers declined in the second half of 2022, consistent with a downward trend over the past two years, but a deeper dive into the data reveals that current breach totals are still higher than pre-pandemic levels; breaches are affecting more individuals; and hackers are shifting tactics to attack weak links in the healthcare system supply chain, most notably attacking EHR systems.

The report shows that while the number of data breaches affecting healthcare providers declined in the second half of 2022, the number of individual records exposed by these breaches increased by 35%. The report also highlights the evolving tactics of hackers and the need for healthcare organizations to prioritize preparation, detection, and incident response. Key Findings: Breach numbers are down: Total breaches dropped 9% between the first six months of 2022 and the year's second half, declining since a high-water mark at the height of the pandemic from 393 breaches in the second half of 2020 to 313 in the latest reporting period. Records affected are up: The number of individual records exposed by breaches skyrocketed by 35% in the second half of 2022 to hit 28 million.

In other words, fewer but more significant breaches reflect consolidation within the industry and the evolving tactics of attackers. Hacking remains high: Most data breaches are due to hacking. Healthcare organizations have done an excellent job of shoring up their policies around handling and storing medical records. Hacking accounted for 79% of all incidents and 84% of individual records exposed in 2022. Most common breach causes: Unauthorized access/disclosure now affects more records per breach than any other breach type. On average, the number of individuals affected per unauthorized access/disclosure breach spiked from 5,700 in the first half of 2022 to over 143,000 in the second half. By comparison, the average number of individuals affected per hacking breach grew from 73,900 to 87,000 in 2022.

Who’s getting breached?: Attackers continue to attack hospitals but have found increasing success targeting business associates and third-party vendors such as electronic medical record providers, lawyers, accountants, billing companies, and medical device manufacturers. In the second half of 2022, more records were exposed due to breaches at business associates (48%) than actual healthcare providers (47%).

What we’re watching: Attacks against EMR systems which were non-existent in past years, spiked to 7% in the first half of 2022 and 4% in the second half of 2022. For the full year 2022, EMR-related breaches accounted for 6 million individual records exposed. "As the healthcare industry continues to face a rapidly evolving threat landscape, it's crucial for organizations to stay ahead of the curve and stay prepared," said John Delano, Healthcare Cybersecurity Strategist at Critical Insight and Vice President at CHRISTUS Health. "Our latest H2 2022 Healthcare Breach Report highlights the shifting tactics of attackers, who are now targeting smaller entities with weaker cyber defenses.

Organizations must stay vigilant and proactively defend against these threats to protect patient data and maintain the trust of their patients and the public." This report provides valuable insights into the current state of healthcare breaches and the need for organizations to implement a comprehensive security strategy, including risk assessments, third-party risk management, and incident response planning. To download the report, please visit About Critical Insight Critical Insight is the only cybersecurity-as-a-service provider that prepares, monitors, and responds to cyber threats, going beyond SOC-as-a-service offerings typical of Managed Detection and Response (MDR) offerings.

With our focus on organizations that deliver critical services – hospitals, local governments, utilities, school systems, and more – we provide end-to-end support to those with limited security teams or budgets to handle threats proactively and as they occur. Based in Seattle, Washington, Critical Insight is a venture-backed company founded by former CISOs in the public sector. It is committed to training new analysts and providing the most up-to-date cybersecurity protection.