Just when we thought it couldn’t get any worse for healthcare cybersecurity efforts, new evidence shows that data breaches in U.S. hospitals have significantly increased in the first seven months of this year.
A quick check of the U.S. Department of Health and Human Services’ Breach Portal shows 273 reported healthcare provider data breaches from January through July. An additional 48 health plans were victims of data breaches, too. In all of 2021, there were 322 healthcare provider data breaches and 62 health plan data breaches. Currently, healthcare provider data breaches are up 45% over last year, while health plan data breaches are up 33%.
June was a particularly bad month for healthcare providers, as more than three million patient records were exposed in three separate incidents.
- June 15: Baptist Medical Center in San Antonio: 2 million patients possibly affected by a data breach.
- June 9: Yuma Regional Medical Center in Arizona: At least 700,000 patients affected by a data breach.
- June 7: Texas Tech University Health Sciences Center: 3 million patients possibly affected by a data breach.
Healthcare Provider Data Breaches by Month

| Month | Number of Breaches | Patients Affected |
|---|---|---|
| January | 30 | 1,337,290 |
| February | 35 | 1,561,316 |
| March | 33 | 1,473,001 |
| April | 40 | 1,786,795 |
| May | 50 | 2,234,887 |
| June | 56 | 2,504,679 |
| July | 29 | 1,297,817 |

Year-Over-Year Trends
A May report by Sophos on data breaches in the healthcare industry also showed steep increases in attacks over the past two years.
The report found that “66% of healthcare organizations were hit by ransomware last year, up from 34% in 2020,” and that healthcare had the highest increase in volume of cyberattacks among all sectors, at 69% year over year. Driving the increase, according to Sophos, was the Conti ransomware group, which is known to target healthcare organizations.
The Next Step You Can Take
Your healthcare organization might be the next victim unless you conduct an on-site cybersecurity risk assessment to identify and mitigate risk.
An on-site cybersecurity risk assessment, which determines the likelihood of an attack against your organization and its potential impact, should be a critical part of your organization’s procedures. An on-site cybersecurity risk assessment can quantify the impact to your company’s reputation, finances, and overall business health.
As technology is continually changing and evolving, organizations should aim to undergo a cyber risk assessment at least once every two years, or more often if new threats become prevalent.
The Connectivity Center has partnered with several exceptional cybersecurity firms that specialize in cybersecurity risk assessments. Based on your specific needs, we can connect you to the firm that is your best fit. To get started, visit us online.