The vast majority of healthcare organizations process and store protected health information (PHI) such as Social Security numbers, medical histories, and other personal data. Unsurprisingly, this has drawn the attention of threat actors who leak sensitive data and use it for political or monetary gain. With the rapid growth of cloud computing and bring your own device (BYOD), as well as the remote work brought on by the global pandemic, 2020 was significantly different from any previous year. The 2020 Healthcare Breach Report released by Bitglass noted that a total of 599 healthcare data breaches occurred in the United States in 2020, an increase of 55.1% over the previous year, affecting 26.4 million people. The majority (67%) of breaches were attributed to "hacking and IT incidents" by external attackers, and these incidents accounted for more than 91% of the records breached. This was followed by loss or theft of endpoint devices, affecting 584,000 people, and unauthorized disclosure of data from systems, affecting 763,000 people. Although the number of victims fell slightly from 27.5 million in 2019, the average cost of each breached record increased from $429 to $499, resulting in a total of $13.2 billion in damages. Overall, hacking and IT incidents are on the rise.
1. Main findings
In 2020, hacking and IT incidents were responsible for 67.3% of healthcare breaches, more than three times the share of the second-ranked category. In addition, intrusions caused by hacking and IT incidents exposed 91.2% of all records breached in the healthcare sector in 2020. These results demonstrate the heightened impact of cybersecurity breaches, changes in the strategies of malicious actors, and the growing challenge healthcare organizations face in dealing with cybersecurity in a dynamic, cloud-based world. The remaining categories, albeit in small proportions, still exposed the data of around 2.3 million people, leaving victims vulnerable to identity theft, phishing and other forms of cyberattack.
Lost and stolen equipment was the leading cause of security breaches in the healthcare industry in 2014, while hacking and IT incidents were the least common. Today, the situation has largely reversed: hacking and IT incidents have been the leading cause of healthcare data breaches every year since 2017. As organizations continue to embrace cloud migration and digital transformation, healthcare organizations must leverage the right tools and strategies to protect patient records and address the growing threats to their IT ecosystems.
Every year since 2015, more records have been exposed by hacking and IT incidents than any other type of intrusion. In addition, the scale of these incidents has increased every year since 2018, indicating that organizations are increasingly relying on their IT resources, and criminals are increasingly targeting them. With more than 24 million individuals affected, businesses must be equipped with modern tools capable of preventing hacking and IT incidents, as well as preventing data breaches.
2. The cost of data breaches in 2020
The average cost of a healthcare breach in 2020 remained higher than in any other industry, up 10.5% since 2019, according to Ponemon. Likewise, the cost per breached record also increased, from $429 to $499 (a 16.3% increase). On average, healthcare companies took the longest of any industry to identify a breach, around 96 days, and the longest to recover from one, around 236 days.
Year-over-year changes are shown below; the total cost of healthcare breaches for a year is calculated as that year's cost per breached record multiplied by the number of records breached that year. The data shows that billions of dollars are lost every year due to negligence in cybersecurity or the inability to protect data in the modern work environment using traditional tools. To meet this challenge, healthcare companies should turn to comprehensive platforms designed to secure every interaction between any device, application, web destination, local resource or infrastructure.
3. The largest medical data breach in 2020
The largest healthcare data breach of 2020 was a ransomware attack on cloud service provider Blackbaud Inc. The actual number of records exposed and obtained by the attackers has not been made public, but more than 100 of Blackbaud's healthcare customers were affected, with more than 10 million records known to have been compromised. The breach does not appear as a single entry on the OCR Breach Portal, because each affected entity reported it individually.
Before deploying the ransomware, hackers stole the fundraising and donor databases of many customers, which included names, contact information, dates of birth and some clinical information. Victims include Trinity Health (3.3 million records), Inova Health System (1 million records) and Northern Light Health Foundation (657,392 records).
Florida-based business partner MEDNAX Services Inc., which provides revenue cycle management and other administrative services to its affiliated physician practice groups, experienced the largest phishing attack of the year. Hackers breached its Office 365 environment, potentially gaining access to the Social Security numbers, driver’s license numbers, health insurance and financial information of 1,670 individuals.
Magellan Health’s million-record data breach also started with a phishing email but ended with the deployment of ransomware. The breach affected several of its affiliated entities and could lead to the theft of patient information.
The Dental Care Alliance, a dental support group with more than 320 affiliated dental practices in 20 states, had its systems hacked and the dental records of more than 1 million people could have been stolen.
4. The main reasons for medical data breaches in 2020
Hacks and other IT incidents dominated healthcare data breach reports in 2020. These incidents include exploits, phishing, malware and ransomware attacks, the latter of which has increased significantly in recent months.
According to a Check Point report, ransomware attacks against healthcare providers increased by 71% in October 2020, and healthcare cyberattacks increased by a further 45% in the last two months of 2020. Some of the biggest and most damaging breaches affecting the healthcare industry in 2020 involved ransomware. In many cases, systems were down for weeks and patient services were affected. The Ryuk, Sodinokibi (REvil), Conti and Egregor ransomware families were the culprits. The healthcare industry has been a major target throughout the pandemic: in 2020, at least 560 healthcare facilities in the U.S. were affected by ransomware attacks in 80 different incidents, according to Emsisoft.
Unauthorized access/disclosure incidents accounted for 22.27% and 2.69% of breaches for the year. These incidents include malicious insiders accessing medical records, medical workers snooping on medical records, accidental disclosure of PHI data to unauthorized individuals, and human error exposing patient data.