Healthcare Cybersecurity Study: Over 4.7M Records Compromised in 2017
02 Jan
The frequency of healthcare data breaches is increasing, according to a study by managed security services provider (MSSP) Fortified Health System.
Key findings from the Fortified “2018 Horizon Report” included:
- The number of healthcare entities impacted by data breaches rose 25 percent year over year in 2017. As of November, 303 healthcare entities had experienced a large breach, and over 4.7 million health records had been compromised this year.
- Over 40 percent of all healthcare breaches were caused by hacking this year, which represented a 10 percent year-over-year increase.
- Providers accounted for 80 percent of all healthcare entities breached and over 90 percent of all individuals impacted thus far in 2017.
- Overall, healthcare providers have experienced over 240 breaches this year, and this number is expected to exceed 260 by the end of the year.
Hackers have momentum, and cybersecurity breaches are happening more often than ever before in healthcare, according to Fortified. However, a security program that emphasizes employee education and patching can help healthcare organizations reduce the risk of a large-scale breach.
2018 Healthcare Cybersecurity Outlook
Fortified offered the following projections for healthcare cybersecurity in 2018:
- Expect a double-digit increase in breaches. The number of healthcare entities breached is expected to increase between 10 percent and 20 percent next year.
- More WannaCry variants will emerge. The May 2017 WannaCry ransomware attack caused massive devastation to organizations around the globe. WannaCry variants followed the initial cyberattack, and new WannaCry variants will affect healthcare organizations in the foreseeable future.
- Breaches due to third-party risk management failure will increase. Healthcare organizations that lack comprehensive business associate risk management programs face potential breaches in 2018.
- Healthcare organizations may encounter new threats due to the IoT. Many healthcare organizations are implementing Internet of Things (IoT) devices, and the rapid deployment of these devices across healthcare may lead to an increase in IoT malware.
Although healthcare organizations will be susceptible to a wide range of cybersecurity risks next year, there are many ways to mitigate these dangers. Fortified provided the following recommendations to help healthcare organizations limit cyber risk:
- Treat security as a business issue. Ensure security decisions are made at each level of an organization.
- Prioritize patch management. Develop a patch management program and implement patches regularly.
- Execute corrective action plans. Follow corrective action plans to speed up breach remediation.
- Maintain compliance. Perform an annual HIPAA risk analysis and update any corrective action plans as needed.
Ultimately, healthcare organizations must find the right balance between enabling patient engagement initiatives and securing patient data, Fortified stated. To accomplish this goal, healthcare organizations must evaluate and manage cybersecurity risks, Fortified said, and take a proactive approach to mitigate these dangers.