Malicious actors have compromised sensitive health data on tens of millions of U.S. patients so far this year, according to new figures released by the Department of Health and Human Services (HHS).
HHS said there has been a 239% increase in “significant breaches” reported to its Office for Civil Rights (OCR) over the past four years and a 278% increase in ransomware.
The same trends can be seen in 2023 alone, with significant breaches affecting over 88 million people, a 60% year-over-year (YoY) increase. HHS said hacking accounted for 77% of these reported breaches.
It’s unclear from the statement exactly how many breaches were due to ransomware incidents this year, although that appears to be a key factor.
“Ransomware attacks are becoming more and more frequent and are targeting the healthcare system. This leaves hospitals and their patients vulnerable to data and security breaches. said the OCR director, Mélanie Fontes Rainer.
“In this ever-changing space, it is essential that our healthcare system takes steps to identify and address cybersecurity vulnerabilities, while proactively and regularly reviewing risks, records and update policies . These practices should occur regularly in an organization to prevent future attacks.
A Sophos report published earlier this week found that 60% of surveyed healthcare organizations (HCOs) experienced a ransomware breach in the past year, up from 66% in 2022. However, data was successfully encrypted in 75% of these incidents, with HCO being capable of disrupting an attack before this step. the destruction chain in only a quarter of cases, compared to 34% in 2022.
Jan Lovmand, CTO of BullWall, argued that ransomware attacks in the industry have become a serious threat to health and security.
“These attacks not only disrupt the delivery of essential medical services, delaying critical surgeries and treatments and putting patients’ lives at risk, but also compromise the security of sensitive patient information,” he added.
“Hospitals and healthcare facilities are particularly attractive targets for cybercriminals, and their reliance on technology to manage everything from patient records to surgical equipment makes them particularly vulnerable. Added to this are their limited resources to invest in cybersecurity measures.