- Department of Health and Human Services data shows more than 26.4 million people were impacted by healthcare breaches in 2020, according to a report from cybersecurity firm Bitglass released Wednesday. About 91% of those healthcare records were exposed due to hacking, according to the report.
- The report shows 67% of all healthcare data breaches were the result of malicious hacking or weak IT security, accounting for 403 of the 599 reported incidents during the year. The 599 incidents represented a 55% increase from year-ago figures.
- "These incidents were primarily caused by malware, ransomware specifically," said Kevin Sheu, senior vice president of marketing at Bitglass. "However, in many cases phishing was also employed in order to apprehend sensitive information, gain access to corporate systems or infect users with threats."
The report highlights a growing trend of individuals and organizational hacking groups targeting healthcare providers for access to personal information of patients, access to medical data or attempts to disrupt medical delivery.
Hackers are motivated to access healthcare organizations because they store protected health information, including medical history, social security numbers and other critical information that patients would not want revealed to the public, according to the report.
The COVID-19 pandemic created demand for additional data, including medical research data and scientific information on vaccines and other medications to fight the disease, according to Charles Herring, co-founder and chief technology officer at WitFoo.
"Nation-state cyberattacks focusing on COVID-19 vaccine research in 2020 showed the race across international borders to establish dominance in intellectual property created through healthcare research," he said via email.
California had the most healthcare breaches during 2020 with 49, surpassing Texas, which had 43 breaches, according to the report. Michigan had the highest number of people impacted by data breaches, primarily due to the September 2020 Trinity Health System breach, which impacted 3.3 million people.
The Bitglass report comes just weeks after research from VMware Carbon Black showed a surge in ransomware attacks against healthcare targets. More than 239 million hacking attempts were made against VMware Carbon Black healthcare customers during 2020. There were 816 attempted attacks per endpoint, an increase of more than 9,851% from the prior year, according to VMware Carbon Black.
"Given the critical nature of data at healthcare organizations, they are often a prime target for attacks, as cybercriminals know patient care is on the line and organizations are more apt to pay," Rick McElroy, principal cybersecurity strategist at VMware Carbon Black, said via email.