Attackers are changing their targets from large hospitals to specialty clinics


Critical Insight announced the release of the company’s H1 2022 Healthcare Data Breach Report, which analyzes data breach data reported by healthcare organizations to the US Department of Health and Human Services.

As the healthcare industry continues to be a top attack vector for cybercriminals and ransomware threat groups, the first half of 2022 saw an interesting shift in targets as attackers migrated away from large hospital systems and payers, large targets that would likely yield the most data, but also more sophisticated are defenses, down to smaller hospital systems and specialty clinics that lack the same level of security preparedness, staff size, or budget.

Aside from this change in victim focus, attackers hit the jackpot this half of the year with Eye Care Leaders’ EMR breach, which exposed more than 2 million records. This trend to focus on a systemic technology used by most healthcare providers is a trend that we expect to continue into the end of 2022.

Trends in data breaches in healthcare organizations

The total number of violations is declining: The number of reported security breaches peaked in the second half of 2020, when organizations were so distracted by the pandemic that attackers found it easier to breach their defenses. Since then, the total number of violations has slowly but steadily decreased, from a peak of 393 to 367 in the first half of 2021, 344 in the second half of 2021 and 324 in the first half of this year.

Total number of people affected: The latest figures are encouraging as around 20 million people were affected in the first half of 2022, marking the third consecutive quarter of falling numbers, a 10% drop compared to the previous half year and 28% less than in the first half of 2021.

Who gets hurt?: Healthcare providers account for 73% of all violations, business partners account for 15% and health insurance companies for 12%. The interesting trend is that breaches involving healthcare providers fell from 269 in H1 2021 to 238 in H1 2022.

The most common causes of security breaches: Hacks related to network servers fell from a peak of 67% in H1 2021 to 57% in H1 2022. However, EMR-related violations increased from zero in H1 2020 to almost 8% of all violations in H1 2022.

We observe one: If we look at which segments of the healthcare ecosystem have had hacking/IT-type breaches, we now see that smaller hospital systems and specialty clinics are rising to the top. Violations related to healthcare plans fell 53%, but attacks on business partners increased 10% and attacks on vendors increased 15%.

“Attackers continue to push the boundaries and change the playing field when it comes to data breaches and healthcare attacks,” said John Delano, Healthcare Cybersecurity Strategist at Critical Insight and VP at Christus Health.

“This shift from large hospital systems and payers to smaller entities that are truly deficient in cyber defenses shows a massive shift in casualties and modus operandi. We anticipate attackers will continue to focus on these smaller units throughout 2022 to facilitate the attack, but also to avoid media attention and escalate with law enforcement.”


About Author

Comments are closed.