Close this search box.

Cybersecurity: Healthcare accounts for 24.7% of breaches

As health systems and hospitals were under stress as a result of the current global health crisis, their IT departments also faced critical situations and staff shortages as they battled relentless cyber attacks.

Cyber security breaches hit a historic high in 2021, exposing a record amount of patients’ protected health information,
according to a report by Critical Insights

In 2021, 45 million individuals were affected by attacks on healthcare data, up from 34 million in 2020. That number has tripled in just three years to 14 million in 2018, according to the report, which analyzes healthcare data breaches reported to the U.S. department of health and human services by healthcare organizations.

The total number of individuals affected has increased by 32% from 2020, meaning that more records are exposed for data breaches in the healthcare sector each year.

The total number of violations increased by only 2.4%, from 663 in 2020 to 679 in 2021, but still reached historic records.

Whether as a ransomware attack vector, credential collection, or device theft, healthcare is the primary target for attackers to monetize with personal patient information and sell on the Dark Web or hold an entity unable to provide patient care until ransomed.

As we move into 2022, healthcare organizations need to be aware of cybersecurity requirements

According to a study by Tenable, an American cybersecurity company, 1,825 data breach incidents were publicly disclosed between November 2020 and October 2021.

The industries most affected by data breaches in the healthcare sector were (24.7%), education (12.9%), and government (10.8%). In Brazil, the segments that suffered the most from cyber incidents were government (29.8%) and the financial sector (27%), respectively.

Also according to the study done by Critical Insights, data breaches in the healthcare industry, especially against health plans will increase by almost 35% from 2020 to 2021.

And attacks against business partners or third-party vendors increased by almost 18% from 2020 to 2021.

In Brazil, examples such as the Fleury group, the Hospital das Clínicas de São Paulo, the hospitals Sírio-Libanês, do Amor (formerly the Cancer Hospital), Santa Casa de Barretos, and Laboratório Gross have also been victims of cybercriminals against their institutions’ cybersecurity in recent years.

One of the most recent cases occurred in October 2021 with insurer Porto Seguro, which also has a segment related to health plans, the cyber attack caused instability in service channels and in some of its systems. Even non-insurance products, such as credit cards, have experienced instability.

Cyber attacks against providers, where most breaches are historically reported, have declined somewhat after peaking in 2020. Last year, 493 providers reported a data breach, a drop of about 4% from 515 in 2020.

However, it is too early to tell whether this modest improvement represents the beginning of a longer trend in the right direction, according to the report’s authors.

The years 2021/22 offered a ‘perfect storm’ for cybercriminals with ransomware attacks targeting enterprise cybersecurity

In practice, thecybersecurity teams are trying hard and trying to do a good job of reinforcing their defensesWhether internally or through partnerships with managed security providers, the measures are a response to the increase in attacks that occurred in 2020, when cybercriminals increased their efforts to take advantage of vulnerabilities exposed during the first chaotic days of the pandemic.

Cyber security incidents remain the most common cause of breaches with a 10% increase by 2021. Cybercrime was also responsible for the vast majority of individual records affected by breaches, which means that these records were probably sold on the dark web, according to the report.

The data also indicates an increase in cybercriminal incidents in ambulatory/specialty clinics, which saw a 41% increase in these types of breaches in 2021 compared to 2020.

As we move into 2022, healthcare organizations need to be aware not only of their cybersecurity posture, but also of third-party vendors who have access to data and networks. We are seeing more awareness and proactive approaches to cyber security in this industry, but there is still a long way to go.


Cyber security in 2022 will be marked by major attacks on the healthcare sector

This is no time for healthcare organizations’ cybersecurity teams to let their guard down. Cybercriminals are aiming at bigger targets. Exploits, especially ransomware, are becoming more sophisticated.

Cybercriminals are expanding their activities to take advantage of security vulnerabilities throughout the healthcare supply chain, from business partners to health plans and outpatient facilities.

To strengthen their defenses, healthcare organizations need to establish a comprehensive risk management program and should classify their business partners by risk level based on the type of data that third parties can access.

Other steps organizations can take include establishing procedures and processes to evaluate third parties before granting access to data, emphasizing protection in any business agreements with third parties, and working with cybersecurity companies for managed intrusion detection and response services.

CipherTrust Data Security Platform is an important resource in combating data breaches in the healthcare industry

According to IDC, more than 175 zetabytes of data will be created by 2025, and today more than half of all corporate data is stored in the cloud.

To handle the complexity of where data is stored, CipherTrust Data Security Platform provides strong capabilities to protect and control access to sensitive data in databases, files, and containers. Specific technologies include:

CipherTrust Transparent Encryption

Encrypts data in on-premises, cloud, database, file, and Big Data environments with comprehensive access controls and detailed data access audit logging that can prevent the most malicious attacks.

CipherTrust Database Protection

It provides transparent column-level encryption of structured and confidential data that resides in databases such as credit card, social security numbers, national identification numbers, passwords, and e-mail addresses.

CipherTrust Application Data Protection

It offers APIs for developers to quickly add encryption and other cryptographic functions to their applications, while SecOps controls the encryption keys.

CipherTrust Tokenization

It offers application-level data tokenization services in two convenient solutions that provide customer flexibility – Token without Vault with dynamic policy-based data masking and Tokenization in Vault.

CipherTrust Batch Data Transformation

Provides static data masking services to remove sensitive information from production databases so that compliance and cybersecurity issues are alleviated when sharing a database with a third party for analysis, testing, or other processing.

CipherTrust Manager

It centralizes keys, management policies, and data access for all CipherTrust Data Security Platform products and is available in FIPS 140-2 Level 3 compliant physical and virtual formats.

CipherTrust Cloud Key Manager

It offers its own key lifecycle management (BYOK) for many cloud infrastructure, platform, and software-as-a-service providers.

CipherTrust KMIP Server

It centralizes key management for the Key Management Interoperability Protocol (KMIP) commonly used in storage solutions.

CipherTrust TDE Key Manager

Centralizes key management for encryption found in Oracle, SQL and Always Encrypted

The portfolio of data protection products that make up the CipherTrust Data Security Platform solution enables healthcare organizations to protect data at rest and in motion across the entire IT ecosystem and ensures that the keys to this information are always protected and only under your control.

It simplifies data cybersecurity, improves operational efficiency, and accelerates compliance time. Regardless of where your data resides.

The CipherTrust platform ensures that your data is secure, with a wide range of proven, industry-leading products and solutions for deployment in data centers, either those managed by cloud service providers (CSPs) or managed service providers (MSPs), or as a cloud-based service managed by Thales, a leading cybersecurity company.

Tool portfolio that ensures data and cyber protection

With data protection products from the CipherTrust Data Security Platform, your healthcare organization can:

Strengthen cybersecurity and compliance

CipherTrust data protection products and solutions address the demands of a number of cybersecurity and privacy requirementsincluding electronic identification, authentication, and trust, Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Law (LGPD)among other compliance requirements.

Optimizes efficiency of staff and resources related to cybersecurity

CipherTrust Data Security Platform offers the broadest support for handling personal patient data in data security use cases in the industry, with products designed to work together, a single line for global support, a proven track record of protecting against evolving threats, and the industry’s largest ecosystem of data security partnerships.

With a focus on ease of use, APIs for automation, and responsive management, the CipherTrust Data Security Platform solution ensures that your teams can quickly deploy, secure, and monitor the protection of your business.

In addition, professional services and partners are available for design, implementation, and training assistance to ensure fast and reliable implementations with minimal staff time.

Reduces total cost of ownership

CipherTrust Data Security Platform’s data protection portfolio offers a broad set of data security products and solutions that can be easily scaled, expanded for new use cases, and have a proven track record of protecting new and traditional technologies.

With CipherTrust Data Security Platform, healthcare institutions can prepare their investments for the future while reducing operational costs and capital expenditures.

About Eval

With a track record of leadership and innovation dating back to 2004, Eval not only keeps up with technological trends, but we are also in an incessant quest to bring news by offering solutions and services that make a difference to people’s lives.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

About the author

Other posts