2020 was a bad year for healthcare organizations in the U.S., which had to deal with a record-high number of cybersecurity incidents against the backdrop of the COVID-19 pandemic.

Hacking and IT incidents affected the industry to a larger extent last year, accounting for more than 67% of all breaches and exposing the personal data of tens of millions of individuals.

Highest breach count

Analyzing data from the U.S. Department of Health and Human Services, threat protection company Bitglass found that the count of healthcare breaches reported in 2020 increased to 599, a jump of more than 50% compared to the previous year (386).

Most of the breaches were caused by hacking and IT incidents, which exposed data from 24.1 million individuals, making them vulnerable to identity theft and phishing attacks.

However, despite the rise in incidents, the total number of affected individuals is slightly lower compared to 2019.

A breakdown of the breaches per state shows that California had the highest number, 49 incidents, followed by Texas with 43.

New York with 39 breaches, and Florida and Pennsylvania, each with 38 breaches, take the next three spots.

Looking at the states that had the largest count of individuals affected, Michigan ranks first, mostly because of a single incident at the Trinity Health healthcare delivery system, which impacted 3.3 individuals.

According to the Ponemon Institute, breaches affecting healthcare organizations are the most expensive to deal with and have the longest recovery time.

On average, the cost per breached record in 2020 was $499, and recovery took about 236 days. Also on the downside is the fact that healthcare institutions take 96 days to identify a breach, more than any other industry.

Ransomware attacks

While the report from Bitglass does not break down the hacking incidents by their type, ransomware attacks likely account for a significant proportion.

Maze, Ryuk, REvil (Sodinokibi), SunCrypt, Snake, and Clop are just some of the ransomware groups that attacked hospitals and healthcare organizations.

A report from Check Point earlier this year named Ryuk and REvil the top threats for the healthcare sector at a global level.

At the end of October 2020, the U.S. Government released a warning about Ryuk ransomware attacks targeting hospitals and healthcare providers. An earlier notification, in April, sounded the alarm about ransomware groups breaching hospitals by exploiting a remote execution vulnerability in Pulse Secure VPN servers.

News about ransomware hitting various hospitals in the U.S. trickled in all through 2020, most of it towards the end of the year, and some organizations ended up paying the hackers hundreds of thousands of U.S. dollars to return to normal activity.
