Security News > 2022 > August > Attackers changing targets from large hospitals to specialty clinics

With the healthcare industry continuing to be a top attack vector for cybercriminals and ransomware threat groups, H1 2022 saw an interesting change in targets as attackers moved from large hospital systems and payers, big targets that would likely yield the most data but also have more sophisticated defenses, to smaller hospital systems and specialty clinics that lack the same level of security preparedness, staff size, or budget.

Total breaches are declining: The number of reported breaches crested during the second half of 2020 when organizations were so distracted by the pandemic that attackers had an easier time breaching their defenses.

The total number of breaches has slowly, but steadily declined, from the peak of 393 to 367 in the first half of 2021, 344 in the second half of 2021, and 324 in the first half of this year.

Who is getting breached?: Healthcare providers represent 73% of total breaches, business associates represent 15%, and health plans 12%. The interesting trend is that breaches associated with healthcare providers dropped from 269 in the first half of 2021 to 238 in the first half of 2022.

EMR-related breaches soared from zero in the first half of 2020 to nearly 8% of all breaches in the first half of 2022.

One thing we're watching: When we look at which segments of the healthcare ecosystem had Hacking/IT Incident type breaches, we're now seeing smaller hospital systems and specialty clinics rising to the top.

News URL

https://www.helpnetsecurity.com/2022/08/29/data-breach-healthcare-organizations/