Security News > 2023 > August > Critical Insight Reports Fewer Cybersecurity Breaches in Health Care, Yet Victim Numbers Are Up in 2023

A new study by Critical Insight shows that cybersecurity attacks in the health care sector are hitting more individuals and finding vulnerabilities in third-party partners.

A new study by cybersecurity firm Critical Insight noted that while the sheer number of breaches against health care facilities is actually down, there is a spike in the number of people who have been affected by attacks as well as an increase in supply chain and third-party targets.

Breaches down, but number of individual records compromised, way up Third-party vulnerabilities a rising threat vector Hospitals, clinics, physician groups are top targets Health organizations should take pulses, including partners' Breaches down, but number of individual records compromised, way up.

According to the report, based on an analysis of data breaches reported by health care organizations to the U.S. Department of Health and Human Services, total breaches of organizations dropped 15% in the first six months this year, versus the second half of 2022.

According to the study, attacks against third-party partners were "Significantly higher than individuals affected in healthcare provider and health plan-related breaches." Critical Insight reported that of the 40 million exposed records, 48% were linked to business associates, while 43% were associated with healthcare providers.

Figure C. One example cited by Critical Insights of an attack via third-party vulnerabilities was supplementary benefits company NationsBenefits Holdings, which disclosed that a breach originating from its own third-party cybersecurity services provider impacted 3 million individuals in its system.

News URL

https://www.techrepublic.com/article/health-care-cybersecurity-study/