• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

Health care data breaches decline, but threats remain

Article

Growth in remote work, cloud data storage present opportunities for hackers

The first half of 2022 saw some gains in the battle to safeguard health care records, a new report finds, but progress remains uneven. 

According to cybersecurity firm Fortified Health Security, the number of data breaches reported to the U.S. Department of Health and Human Services Office for Civil Rights affecting at least 500 health records dropped by 8.4% compared to the same period in 2021, from 368 to 337.

In addition, the number of records affected by breaches was down by about 40% from the first half of 2021, although was still 138% higher than 2020. Health care providers accounted for the great majority of the breaches with 72%, followed by business associates (16%) and health plans (12%).

“While the trendline from mid-year 2021 to today is down, overall breach numbers and affected records remain stubbornly high,” the report states. “The potential attack surface for hospitals and health systems continues to grow as employees work remotely and more medical, financial, and operational technologies move to the cloud.”

While it’s too soon to know, this year’s dropoff in reported data breaches may be an anomaly. According to the report, it was only the second time since 2010 that the number of reported breaches saw a year-over-year decline.

In terms of causes of breaches, those the report calls “malicious attacks” increased to 80% from 73% in the first six months of 2021. The rest were attributed to unauthorized access, theft, loss or improper disposal. It marked the sixth consecutive year malicious attacks was the leading cause of breaches.

The report found that breaches were heavily concentrated among a relatively small number of health care organizations, with seven entities accounting for 31% of 2022’s total to-date. Among these have been an imaging provider (two million records), a California health plan (854,000), a billing company (510,000) and a business service provider (500,000).

“The continued prevalence of healthcare cyberattacks should serve as a wakeup call for all healthcare leaders to assess their current security postures and take action to decrease risk and increase visibility and capabilities,” the report says.

Related Videos