Critical Insight, a cybersecurity-as-a-service provider, Health Data Breach Report for the First Half of 2023provides insight into the cybersecurity landscape in the healthcare sector.
This analysis is based on data breaches reported to the U.S. Department of Health and Human Services (HHS) by healthcare organizations.
The report notes an overall 15% decrease in the total number of breaches in the first half of 2023 compared to the second half of 2022. This is a positive development given the industry’s historical uptick in attacks. This suggests that the number of breaches may decline throughout the year, and that 2023 could see the lowest number of breaches since his 2019.
However, the decline in breaches was offset by a significant 31% increase in the number of individuals affected by data breaches in the first half of 2023 compared to the second half of 2022. This surge will affect him to 40 million people within six months, or 74% of her worldwide. In 2022, that total will be affected.
Hacks and IT incidents remain the main sources of breaches, contributing to 73% of breaches in the first half of 2023. Unauthorized access and disclosure follows as his second most common type. Compromises due to theft, loss of records, or improper disposal were relatively minimal.
The report also highlights the changing tactics of hackers who exploit vulnerabilities in network servers, responsible for 97% of compromised personal records. In contrast, only 2% of breaches were due to email vulnerabilities.
Server Vulnerability Details: Telerik Software Flaw Compromises US Government IIS Servers
Another notable finding is the increased targeting of third-party accounts. Compromises involving business partners outnumbered breaches affecting health care providers and health insurance. About 48% of the compromised records were related to business people and 43% to healthcare providers. Of note, in the first half of 2023, 50% of the individuals affected by the breach were associated with business partners.
Commenting on the report, John Delano, Healthcare Cybersecurity Strategist at Critical Insight, emphasized the importance of proactive defense strategies and incident response plans.
“Our report finds that hackers are increasingly targeting the weakest and most vulnerable points in the supply chain, especially the business partners and third-party companies that serve healthcare institutions, and that they are effectively It highlights the importance of incident response plans and proactive defense strategies,” Delano explained.
especially, The report recommends These include developing incident response plans, conducting risk assessments, emphasizing cybersecurity among key partners, securing third-party vendors and affiliates, and obtaining board support for significant cybersecurity investments.