Organizations that handle healthcare data relating to US citizens must report any data breaches to the US Department of Health & Human Services (HHS). The reporting is done via a web portal and must be completed within 60 days for breaches that expose more than 500 individuals, or as part of the end-of-year reporting for breaches under 500.
The data collected by HHS on breaches with over 500 individuals are publicly available on their website — commonly known as the "Wall of Shame." Twice a year, Critical Insight analyzes the latest breach data from HHS, and then we publish a report with our findings. The latest report for 2021 H1 is now available. It contains valuable insights on cybersecurity trends within the healthcare sector. The report includes:
- An analysis of the reported breaches.
- What the data shows about the evolution of cybercriminal tactics.
- Steps to take to prevent attacks from succeeding and how to respond to a breach in your organization.
- Our predictions on how the cybersecurity threat to healthcare providers will develop over the coming months.
You can download a copy of the report and also watch an expert-led webinar that discusses the findings at https://cybersecurity.criticalinsight.com/2021_healthcare_data_breach_report
Industry Response to the 2021 H1 Healthcare Data Breach Report
The focus on cyberattacks targeting critical infrastructure, which includes healthcare delivery, is currently high on the agenda of the Government and most organizations. The 2021 H1 Healthcare Data Breach Report has attracted much attention and reporting in the cybersecurity and healthcare IT press. This is gratifying as it means that cybersecurity in this area is on people's radar.
Below we highlight ten press responses to the report. Feel free to reach out to us via the Critical Insight contact page if you want to discuss any points raised by the report or the webinar, or for expert advice on how to protect your critical infrastructure from cybercriminals.
The HealthITSecurity site had two articles in response to the report. In the first, they covered the findings along with broader cybersecurity trends. They conclude their article with the following paragraph, which is good advice:
“The report advised healthcare entities to assess third-party risk, regularly review business associate agreements, and implement strict access controls. Considering the growing number of cyber threats, healthcare providers must ensure basic cyber hygiene to avoid becoming the next name on HHS’ data breach portal.”
Read this HealthITSecurity article on their site at:
The second HealthITSecurity article that mentioned the report was a news post about an Illinois-based medical consultancy group informing 171,000 of their patient clients that their data was compromised. They use the Critical Insight report to highlight the widespread nature of cyberattacks against healthcare organizations.
Read this second HealthITSecurity article on their site at:
Security Magazine provides security industry news across both cybersecurity and physical security. They outlined the findings from the report and noted a general upward trend in breaches reported by healthcare providers.
Read the Security Magazine article on their site at:
The HIPAA Journal aims to provide the most comprehensive coverage of HIPAA news online. They deliver independent advice about HIPAA compliance and the best practices to avoid data breaches, violations, and regulatory fines. Readers of the HIPAA Journal are right in the wheelhouse of the target audience for whom we publish the Healthcare Data Breach Report. It's good to see the report being picked up and flagged to their audience.
Read the full HIPAA Journal article on their site at:
SC Media is a popular online news and analysis resource for cybersecurity professionals. They covered the findings in the Critical Insight report in depth. Also, they compared them to similar vendor-related vulnerability findings that SC Media reported in their own analysis of 2021 cybersecurity attack data.
Read the SC Media article on their site at:
The Fierce Healthcare website delivers healthcare news at the intersection of business and policy. Their article summarizing the report goes into detail, with numerous examples of recent breaches, and includes comments from Vivian Zhou, the Critical Insight Healthcare Program Manager, and a lead author on the report.
Read the Fierce Healthcare article on their site at:
Healthcare IT News
Healthcare IT News is a globally focused IT news site that reports on all topics related to IT in healthcare. Their summary post on the Critical Insight report recaps its main findings.
Read the Healthcare IT News article on their site at:
HealthCare Business News
HealthCare Business News also recapped the findings in the report on their popular DotMed site.
Read the HealthCare Business News article at: https://www.dotmed.com/news/story/55771
The HealthcareInfoSecurity site chatted with John Delano, a regional CIO at AdventHealth hospital group and a healthcare security strategist for Critical Insight. In the 12-minute chat, the Critical Insight report is discussed in the wider healthcare cybersecurity context. John says in the conversation that, "It takes a lot of time and effort to not only extend your security posture beyond your own four walls, but then when you have to look at the hundreds or even thousands of vendors and third-party folks who have access to your data, it can be overwhelming, but you have to make it a priority … to categorize your data and understand who has access to the most critical data - and ensure that [vendors are] taking appropriate steps to meet your security requirements … and to secure that data if it leaves your premises."
Listen to the 12-minute chat on their site at:
HealthcareDive is a healthcare sector news site covering health IT, policy & regulation, insurance, digital health, payer-provider partnerships, value-based care, and more. Their article reporting on the data breach report findings has a quick takeaway section and a deeper dive into the report detail.
Read it at:
The 2021 H1 Healthcare Data Breach Report provides a timely reminder that cybersecurity professionals tasked with defending healthcare providers' systems need to stay vigilant.
Critical Insight can help you with that task. Our cybersecurity professionals are focused on the threat landscape. These experts, combined with 24x7 monitoring teams based in our Security Operations Center (SOC), can deliver the cybersecurity expertise your healthcare organization needs to deal with cybersecurity threats.