This year has brought some unique challenges in the healthcare sphere, from massive attacks to new malicious strategies and more. Keep reading for a mid-year recap and what you can expect for the rest of the year.
Rising Costs and Scope of Data Breaches
This year, we’ve seen an increase in data breaches and their impact; breaches now seem to be occurring more frequently and causing more devastation. The Wall Street Journal found that attacks in 2023 increased 78% from 2022 and are expected to increase further in 2024.
Healthcare is becoming especially targeted by ransomware organizations: these attacks increased by 128% in 2023. Breaches can have a range of impacts on healthcare organizations, from causing operational delays to leading to identity theft. On top of this, the cost of resolving a breach has risen 53.3% since 2020. On average, each breach now costs $10.93 million, which may include investigative and legal fees, operational costs from delays, and costs associated with changing technology or policy.
Even for companies that can monetarily recover, breaches can weaken the public perception of data safety. In particular, the public is becoming both more aware of and more concerned with how their data is stored, leading to a deluge of class action lawsuits against organizations that have been breached. These lawsuits can be incredibly costly and harmful to an organization’s reputation.
Notable Breaches
Several breaches have stood out as having a large impact on the healthcare environment this year.
- Change Healthcare: So far the largest breach of the year, Change Healthcare (owned by UnitedHealth Group) fell victim to a ransomware attack in late February. The breach is estimated to have impacted 30% of Americans and caused significant operational delays. Numerous lawsuits have been filed regarding Change’s ability to prevent or mitigate the attack.
- WebTPA: The Texas-based third-party administrator faced a breach in mid-2023, but the breach was only discovered by the organization at the end of the year, resulting in an investigation that spanned the first quarter of 2024. It’s believed that 2.4 million individuals were impacted.
- Ascension: In early May, the national health system detected unusual activity in its network. Ascension works with approximately 140 hospitals across 19 states and Washington, DC. While the incident is still under investigation, it’s estimated that millions were impacted and various hospitals faced operational delays.
Other major breaches, like Kaiser Permanente and the recent breach at HealthEquity, highlight the frequency with which the healthcare industry is targeted.
New Attack Strategies
Part of why breaches have increased and become more costly is linked to the new strategies used by threat actors. For companies that don’t keep up with the latest trends, it can become difficult to prevent attacks conducted through new vectors or strategies.
The Wall Street Journal notes that ransomware attacks are evolving and becoming easier for inexperienced criminals to conduct. Ransomware gangs generally infiltrate an organization and then encrypt the data, demanding that the organization pay for access. Increasingly, criminals are also selling the data online. On top of this, some ransomware gangs are franchising their malware and selling it to other criminals.
Criminals are also increasingly attacking third parties or vendors to access protected health information. Healthcare organizations in the US are generally reliant on third parties for a variety of reasons, whether it’s outsourcing lab tests or processing insurance payments. Third parties are a necessity in our complex medical system, but ultimately, a healthcare organization is only as strong as the companies it shares data with.
Lastly, the Wall Street Journal highlighted that many organizations are migrating to the cloud. While moving data into cloud environments is a good choice, some organizations are ill-equipped to begin the process themselves, making them more prone to attacks on the cloud.
Cybersecurity Layoffs
Adding complexity to the cybersecurity environment is the precarious economic situation many organizations are facing.
A new report from Forbes detailed that many attacks coincide with or follow IT and cybersecurity layoffs. Kaiser Permanente, for instance, made news for conducting multiple layoffs in the same year, all targeting tech employees.
While organizations understandably want to cut costs, the move to decrease IT workers can make an organization more prone to attack and less able to mitigate or prevent one. While not every organization needs an in-house cybersecurity team, healthcare companies must work with trusted experts to ensure their technology is safe from evolving threats.
Generally, there is also a labor shortage in the cybersecurity field, because skilled cyber experts can be difficult to retain. For many organizations, this leaves outsourcing as the most cost-efficient way to keep data safe and secured.
Looking to the Rest of 2024
With only five months remaining, we expect to see many of the same trends continue.
Currently, many cybercriminals seem to have found a weak spot in US security: healthcare. With more attacks than ever, it’s easier for these actors to aggregate data. Every breach matters, as criminals combine data to create a more complete profile of an individual that can then be used for identity theft or fraud.
Another trend likely to continue or worsen is attacks on third parties. These attacks are particularly devastating because of their ability to quickly impact and spread to other organizations, with patients often feeling confused as to how their data was involved.
For cybersecurity companies, it’s imperative to remain ahead of the game and focus on keeping data secure to prevent costly lawsuits and reputational damage.
How Cloudticity Can Help
For healthcare organizations balancing limited IT and cybersecurity resources, Cloudticity can help by providing cloud security and cloud management expertise and support.
We’ve been a leader in managed security for healthcare over the last decade and have never suffered a data breach. By using a proven security tech stack and processes, our cybersecurity experts keep your data safe and can quickly address any vulnerabilities. On top of this, Cloudticity is HITRUST certified, so your organization can inherit many of the protections of HITRUST simply by using our services.
As a company dedicated to protecting healthcare organizations, we have tools specifically designed to alleviate modern staffing and technology concerns. By outsourcing your cybersecurity needs, you no longer have to worry about obtaining and retaining highly qualified cyber experts. With saved time and money, you can focus on what really matters: driving innovation and serving your patients.
Learn more about how Cloudticity’s Managed Security for Healthcare can help you address cybersecurity needs. Reach out today for a free consultation.