Tech & Innovation in Healthcare

Cybersecurity Corner:

Prepare Your Practice for New Cyberthreats in 2023

Nearly 80 percent more data breaches occurred in 2022 than 2021.

Cybersecurity professionals in healthcare need to stay on top of emerging threats before a data breach lands their organization on the front page. In addition to the traditional attacks of viruses, phishing, and ransomware, cybersecurity teams need to prepare for social engineering and third-party breach threats in the new year.

Find out if your cybersecurity strategy is ready for more and innovative threats that may be coming.

Study These Startling 2022 Data Breach Statistics

Breaking data breach news alerts sounded every month in 2022, and the healthcare industry wasn’t immune to the threats. This trend had healthcare cybersecurity experts taking notice. “2022, no doubt, has been a year of breaking data breaches news. Data breaches have continued to progressively rise since 2020,” says Funso Richard, CISA, CISM, CDPSE, CCSFP, information security officer for Ensemble Health Partners in Cincinnati, Ohio.

In fact, from Jan. 1, 2022, to Dec. 16, 2022, 594 data breaches were reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). In the same timeframe during 2021, only 255 data breaches were reported. That is an increase of 79.8 percent year over year.

Note: Only data breaches affecting 500 individuals or more were reported to the OCR as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, Section 13402.e.4.

In their 2022 Data Breach Investigations Report (DBIR), Verizon found that external threat actors carried out 61 percent of healthcare data breaches in 2022 and that 95 percent of the breaches had financial motivations. Also, Verizon found that personal and medical data accounted for 58 and 46 percent of the data compromised in the breaches, respectively.

Several factors have contributed to the dramatic rise in healthcare data breaches. Some of those factors include:

  • Exploiting old breaches
  • New threat actors
  • Third-party breaches

However, one of the major factors revolves around a tool widely used by computers running online services. “One of the reasons for the increase is the Log4j vulnerabilities discovered in December 2021. As many technologies utilize Apache libraries, it is not surprising to have seen data breaches and other cyber incidents go up at an alarming rate,” Richard says.

Log4j is a logging tool that several companies, organizations, and services use. The Java-based tool was found to have “multiple vulnerabilities, including multiple remote code execution flaws that can provide an attacker total control of a system,” wrote the Health Sector Cybersecurity Coordination Center (HC3) in a Jan. 20, 2022, Log4j vulnerabilities threat brief.

Developers discovered Log4Shell in November 2021. The vulnerability hadn’t been noticed since 2013, and threat actors used this exploit to access sensitive information. While various Log4j updates have been released and implemented over the past year, healthcare organizations were “highly vulnerable” due to having several connected devices that could be several years old and may not be receiving regular security updates.

Learn What Threats Are Trending for 2023

Cyberthreats that experts have grown accustomed to dealing with, such as phishing scams, ransomware attacks, and viruses, will continue to be troublesome throughout 2023, but cybersecurity professionals should prepare to handle other types of emerging threats, as well. “Besides ransomware, healthcare organizations should pay attention to insider threat activities, identity and access vulnerability exploitation, third-party risks, and social engineering,” Richard says.

Examples of these emerging threats include:

  • Insider threats: A negligent staff member absentmindedly shares their login credentials on a company-wide messaging service.
  • Vulnerability exploitation: A threat actor accesses your systems by taking advantage of a security hole in unpatched software.
  • Third-party risks: A threat actor breaches a payroll company’s network and then uses that access to breach the company’s clients, such as your healthcare organization.
  • Social engineering: A staff member opens an email from what appears to be a coworker’s email address with the subject line reading “Account Locked.” The spoofed email address was created by threat actors, and the email requests the recipient’s username and password to “unlock” the recipient’s account.

“Given the high number of data breaches so far, brand spoofing, impersonation and targeted phishing attacks will increase in 2023,” Richard says.

Realize What Security Measures Work and Where to Improve

According to the Verizon DBIR, “Healthcare is the industry where the internal actor has figured prominently in breaches since [the company] first began collecting and reporting data.” Incidents involving internal threat actors are now considered less often malicious and more often accidental, with the events falling under a “Miscellaneous Errors” category. These incidents are just as important to report and disclose as breaches from malicious threat actors because the risks and consequences are the same.

Staying ahead of cybersecurity incidents in 2023 doesn’t require any magic plan. The key to effective cybersecurity lies in what the security team and the healthcare organization do every day. You can help protect your healthcare system by using essential best practices, such as:

  • Security awareness
  • Data protection
  • Email protection
  • Effective monitoring and patching
  • Effective risk assessment
  • Effective incident response

“Healthcare practices and organizations also need to evaluate their current controls to determine what works and what should be improved. Based on recent research, healthcare organizations should invest in threat-adaptive intelligence capabilities to proactively prepare for the changing threat landscape,” Richard adds.

Threat intelligence is a dynamic security technology that analyzes your organization’s threat history and provides findings, so you can take the appropriate steps to defend against repeat or emerging threats. This technology is beneficial to help protect against new cyberthreats that have yet to take shape.