- Cyberattacks are pivoting to target smaller healthcare companies and specialty clinics without the resources to protect themselves, instead of larger health systems that — despite being treasure troves of personal and medical data — generally have more sophisticated security, according to a new report from Critical Insight.
- Cybercriminals hit the jackpot this year with the Eye Care Leaders electronic medical records breach, which exposed more than 2 million records. Other major attacks include those against revenue cycle management vendor Practice Resources, which exposed the data of 940,000 individuals; printing services vendor OneTouchPoint that breached the data 1.1 million individuals ; and accounts receivable firm Professional Financial Company that exposed the data of 1.9 million individuals.
- The number of overall breaches are steadily declining from their peak in the second half of 2020. But the trend of focusing on a systemic technology used across most providers is one the cybersecurity firm expects to continue throughout the remainder of the year, the report, which analyzes breach data reported to the HHS, said.
The healthcare industry continues to be a top target for cybercriminals, even as total breaches fell from a peak of 393 in the second half of 2020, to 324 in the first half of 2022, according to Critical Insights.
Breaches affected roughly 20 million individuals in the first half of this year — the third consecutive quarter of breach decline, and a 28% drop compared to the same period last year, the report found.
Smaller hospital systems and specialty clinics are rising to the top of those affected by hacking or IT incident breaches. Breaches associated with health plans dropped by 53%, but attacks against business associates jumped 10% and attacks against providers went up 15%.
That shift, from “large hospital systems and payers to smaller entities that truly have a deficit when it comes to cyber defenses, shows a massive change in victims and approach,” John Delano, healthcare cybersecurity strategist at Critical Insight and Vice President at Christus Health, said in a statement on the report.
“As we continue into 2022, we anticipate attackers to continue to focus on these smaller entities for ease of attack, but also for evasion of media attention and escalation with law enforcement,” he said.