Cyber attacks against health providers on the rise: Trustwave, IBM
Cyber attacks against health providers on the rise: Trustwave, IBM unknown
Cybersecurity threats to healthcare organizations have grown exponentially in the last few years, according a report published Thursday.
Nearly 25% of cyberattacks in 2022 targeted the healthcare industry, according to data cited in a report from managed security company Trustwave. Data security overall is a challenge to healthcare that's bordering on a crisis, the authors of the report said.
Three of the biggest data breaches since 2010 (see below) have been reported in the past three months. On Monday, Nashville-based hospital system HCA Healthcare reported a data security incident that may have compromised the personal information of approximately 11 million patients. In May, the Health and Human Services data breach portal listed a hack of benefits administrator company Managed Care of North America that affected nearly 9 million people. Also in May, pharmacy services provider PharMerica had a breach listed affecting 5.8 million individuals.
As the threat increases, experts say healthcare organizations need to be more vigilant than ever. Here are four takeaways from the report:
1. The cost of a healthcare cyberattack is higher than for any other industry.
The healthcare industry had the highest average cost per breach for the 12th consecutive year. The cost of a data breach in healthcare averages out to $10.10 million per incident, according data from IBM cited in the Trustwave report. In healthcare, the cost has gone up 42% since 2020.
The threat against providers temporarily halted during the first year-and-a-half of the COVID-19 pandemic. But some of the changes providers made to mitigate virus transmission presented challenges to security efforts and exacerbated the problem, said Karl Sigler, co-author of the report and senior security research manager at Trustwave's Spiderlabs division.
“[The] administration staff was working from home [and] the hard perimeter of hospital campuses was kind of disappearing,” Sigler said. “That introduces a lot of challenges to an already challenging situation.”
The lagging defense has led many cybercriminals to actively target healthcare organizations, Sigler said.
Healthcare and public health were victims of 210 separate attacks last year, which was higher than for any other industry, according to data from the Federal Bureau of Investigation’s Internet Crime Compliant Center.