Patient Records Are a Big Draw for Cyber Criminals
Cyber threats in the healthcare industry continue to rise, fueling the need for more tech and security professionals to tackle this dangerous trend. While it could be argued that this is true across all industries, medical information is worth between 10 and 40 times more than credit card numbers on the black market. After all, many patient records include social security numbers, giving much greater access to an individual’s information than credit card numbers, which can easily be canceled and changed.
Cyber Incidents Impact Millions of Patients
Ransomware attacks targeting healthcare organizations doubled between 2016 and 2022, affecting more than 42 million patients, according to an article in The Journal of the American Medical Association (JAMA) Health Forum published in December 2022.
In the first three quarters of 2023, the U.S. Department of Health and Human Services Office for Civil Rights received reports of 327 data breaches, which affected over 40 million patients. Hacking/IT incidents accounted for 75% of the breaches, making them the most common type of breach.
Cyber Insecurity Study Shows Eye-Opening Results
Proofpoint’s second annual Study on Cyber Insecurity in Healthcare 2023 reveals what more than 600 IT and IT security practitioners had to say about the past year. Here are just a few highlights:
- 88% of organizations experienced an average of 40 attacks in the past 12 months
- The average total cost of a cyber-attack was nearly $5 million, a 13% increase from the previous year
- 64% of organizations suffered a supply chain attack in the past two years. Among this group, 77% said these attacks impacted patient care
- 63% of organizations had an average of 21 cloud compromises during the past two years
- Ransomware is no longer considered a top threat—only 48% are worried about these attacks
- Business Email Compromise (BEC) attacks are a growing concern—62% say they’re vulnerable
- Malicious insiders – negligent or disgruntled current or former employees – are the No. 1 cause of data loss and exfiltration
Cybersecurity Awareness Training Cannot be Left to Chance
The number of employees who cause security breaches due to carelessness or lack of awareness is troubling. However, educating staff at all levels to be more aware and constantly cautious in their online activities can make a difference. That’s why there is tremendous value in employing tech and security professionals who can properly and expertly conduct cybersecurity awareness training.
To learn how PrivaPlan can help your organization stay cyber-aware and mitigate threats, contact the privacy and security experts at PrivaPlan at info@privaplan.com or 877-218-7707.