Healthcare Cybersecurity Firm Unveils Decline in Reported Healthcare Cyberattacks to Department of Health & Human Services, Expects Surge in H2
SEATTLE–(BUSINESS WIRE)–#HIPAA—CI Security®, the mission-driven provider of Critical Insight™ Managed Detection and Response (MDR) services for critical systems and organizations, today announced the release of the 2020 H1 Healthcare Data Breach Report, which analyzes trends around reported data breaches and records breached from healthcare providers.
This has been a very challenging year since the first confirmed case of the novel coronavirus in the U.S. was reported in January. Despite the outbreak starting in the first half of 2020, data analyzed from the Health and Human Services (HHS) Office for Civil Rights (OCR) Breach Portal shows that the number of patient data records breached dramatically declined during the early stages of the pandemic.
CI Security analysts assessment indicates that the number of breach reports in the first half of 2020 is down 10.4 percent compared to the second half of 2019, and the number of breached records is down nearly 83 percent, based on information that healthcare organizations are required to submit to HHS within 60 days of the discovery of any breach affecting more than 500 individual records.
“A combination of factors come into play for the numbers declining so precipitously during a global pandemic, including healthcare organizations misunderstanding HIPAA and COVID-19 exceptions issued during the pandemic, healthcare organizations simply being too busy to report, or organizations having been so distracted by the pandemic they are not aware they have already been breached,” said Drex DeFord, Executive Healthcare Strategist, CI Security. “With the likely notion that most healthcare organizations are not accurately reporting attacks and breaches, this draws attention to the fact that there will likely be a dramatic increase in discovery in the next six months.”
- A total of 3.8 million individual records were breached through hacking and IT incidents in the first half of 2020, compared to 30 million records breached over the prior six-month period.
- The first half of 2020 showed an 82 percent drop in records breached by healthcare providers (over the previous six-month period).
- Email was the top source of breaches in the first half of 2020 (134), blamed for over 3M records breached in the first half of 2020, up 86 percent over the last half of 2019.
- Hacking consistently leads the way for total number of breach reports, accounting for 149 of the 249 breaches reported in H1 2020.
- Providers reported 18 percent fewer breaches in the first half of 2020, compared with the last six months of 2019.
The emergence of the COVID-19 global pandemic caused organizations to change business and clinical practices rapidly from rolling out work-from-home for employees, driving exponential increases in telehealth visits, and urgently acquiring and installing equipment, including Internet of Things (IoT) and Internet of Medical Things (IoMT). Additionally, healthcare organizations extended capacity by quickly on-boarding previously retired clinicians, and temporary employees; added new locations for drive-thru testing and other needs; and connected to new suppliers.
CI Security anticipates that cyberattacks will surge over the next six months, given hospital records remain a high-value target for hackers; patient medical records are worth as much as ten times more than credit card numbers on the dark web. Healthcare organizations will require more cyber security vigilance than ever before.
The complete findings of the 2020 H1 Healthcare Data Breach Report can be downloaded on CI Security’s website at https://cybersecurity.ci.security/2020-H1-Healthcare-Data-Breach-Report.
About CI Security
CI Security provides Managed Detection Response services, combining purpose-built technology with expert security analysts to perform full-cycle threat detection, investigation, response, and recovery. CI Security is focused on defending critical systems in healthcare, the public sector, and other industries. CI Security helps customers gain critical insight into their security posture through the MDR platform and Information Security consulting services. Find out more at https://ci.security.