par John R. Fischer
, Senior Reporter | September 01, 2021
Cyberattackers are shifting their focus more toward smaller healthcare providers, seeing them as easy targets.
Outpatient facilities, including family medicine and specialty clinics, were targeted almost as often as hospitals in the first half of 2021, while business associates like claims processors accounted for 43% of all healthcare breaches, according to a report by cybersecurity firm Critical Insight.
This, it says, is because smaller healthcare organizations usually use the same technology as larger hospitals, which makes them just as easy to attack. They also have less money to spend on security features, reports Healthcare Dive
"As these and other third-party breaches continue to make the news, it demonstrates that attackers are paying more attention to this ecosystem of vendors as a vulnerable link in the cybersecurity chain," said the report.
HHS reported 141 breaches, compared to just 66 in the second half of 2019, says the report. Breaches at healthcare facilities were significantly higher in the first half of the year, compared to the same time last year, and higher than any six-month period since 2018. HHS divides breaches into theft, improper disposal, loss, unauthorized access or disclosure, and hacking or IT incidents. Hackings and IT incidents took place nearly three times as often as in 2018, while the total number of breaches are twice as high as they were back then.
"This issue will only continue to grow and become more complex. We predict that there will be the most breaches ever reported in the second half of 2021. Shore up detection and response capabilities because it's not 'if' a healthcare facility or business associate will be breached, it's 'when'", Critical Insight told HCB News.
To address these issues, it recommends using periodic security training and onboarding to train staff; performing risk assessments or self-assessments to determine a budget needed to address these incidents; and outsourcing to detection and response providers to lower the impact of an incident and reduce time spent dwelling on the issue, as well as avoid hefty costs. "Pull all the right people into the room and discuss scenarios and practice your plan so you are prepared when something happens," said the company.
One hospital recently hacked was University Medical Center. REvil, a notorious hacker group, infiltrated one of its servers
in Mid-June and later posted on its website images of Nevada driver's licenses, passports and social security numbers belonging to patients.