Will 2022 Be the Year that Ends Data Breaches in Healthcare?

Healthcare is arguably one of our fundamental human rights. As such, we not only seek the best available care, but we must also ensure that our personal data is available and protected. Today more than ever, it’s imperative that Health IT leaders invest in security, perform regular cybersecurity risk assessments, and strive for secure interoperability. The future of the healthcare infrastructure relies on organizations continuing to do everything they can to protect the confidentiality, integrity, and availability of their patients’ health information.

Unfortunately, the increasing number of healthcare data breaches continues to be at the top of the news. Healthcare continues to be a primary target for cybercriminals due to its vulnerability and the high value of healthcare data. Healthcare data breaches leak patients’ HIPAA-protected confidential records, and millions of people are affected. Data breaches have detrimental effects, including long-term financial consequences, disruption to patient care, a decline in hospital productivity, and, in worst-case scenarios, the death of loved ones.

On December 2, 2021, Definitive Healthcare, the leading provider of commercial healthcare intelligence, released a study announcing the largest healthcare data breaches in 2020 and 2021. Annually, the compilation of the largest data breaches is posted by the Secretary of Health and Human Services (HHS) and consists only of breaches of unsecured PHI affecting 500 or more individuals. All data breaches of unsecured protected health information must be reported to all of the individuals impacted, HHS, and, in some cases, the press. This reporting is commonly referred to as the “wall of shame.” HHS only reports data breaches from the following types of organizations: healthcare providers, health plans, business associates, and healthcare clearinghouses.

This year through mid-October 2021, there have already been 543 healthcare data breaches affecting 36 million records. Chuck Brooks, global thought leader in cybersecurity and emerging tech, published a Forbes article relaying “more bad news in 2021, according to the Identity Theft Resource Center (ITRC), the number of data breaches publicly reported so far this year has already exceeded the total for 2020, putting 2021 on track for a record year.” Before this year, 2015 had more than 112 million records breached, affecting the largest number of individuals in several years. 

Experts believe that the current surge in ransomware and data breaches within the public health sector results from the COVID-19 pandemic. In 2020, there was an increase of 150 data breaches from 2019, and “out of the 663 healthcare data breaches in 2020, the top twenty account for nearly half, or 16 million, of the 33 million total individuals affected. The largest incident compromised over 3.3 million records and five breaches affected over 1 million individuals each,” according to Definitive Healthcare. The common sources of 2020’s healthcare data breaches consisted of the following: network server breaches (43.0%), email (36.0%), paper/film (13.7%), EMR (5.0%), desktop (3.0%), other portable electronic devices (2.6%), and laptop (2.4%). Over two-thirds of these healthcare data breaches were caused by hacking or IT incidents, the most common type of breach. As the number of ransomware attacks caused by hacking or IT incidents increases, the number of breaches caused by theft, loss, and unauthorized access/disclosure decreases.

However, it’s not just about data loss. Several studies, including The Impact of Ransomware on Healthcare During COVID-19 and Beyond, published by Ponemon Institute, a research center dedicated to privacy, data protection, and information security policy, suggest that ransomware attacks on healthcare delivery organizations may have a significant impact on care delivery, including increased mortality rates. This risk is an essential concern for IT and security leaders in healthcare because patients’ lives are at stake. As a result, the healthcare industry must continue to transform cybersecurity by implementing broader risk management programs and automation.

There is undoubtedly much more work to do to prevent cybercriminals from disrupting patient care and costing the healthcare industry billions of dollars. As this year comes to an end, how will your organization transform its cybersecurity and risk management processes, resources, and technologies to protect patient data and care in 2022?

Ed Gaudet
CEO and Founder, Censinet
