Privacy Briefs: September 2023

The number of data breaches affecting health care providers declined in the second half of 2022, consistent with a downward trend over the past two years, according to a report from cybersecurity firm Critical Insight. Total breaches dropped 9% between the first six months of 2022 and the second half of the year and, in fact, have been declining since a high-water mark at the height of the pandemic, the report found. However, a deeper dive into the data reveals that breach totals still are higher than pre-pandemic levels, breaches are affecting more individuals, and hackers are shifting their tactics to attack weak links in the health care system supply chain—most notably attacking electronic health record systems—the report found. There was a 35% increase in total records affected in the second half of 2022, the analysis said. “In other words, [there were] fewer breaches, but larger breaches, reflecting consolidation within the industry and the evolving tactics of attackers,” the report said. Providers are the top target: some 69% of breaches in the second half of 2022 involved health care providers, the report said. However, hackers are stepping up their attacks on business associates, Critical Insight said. In 2020, business associates accounted for just 9% of breaches; in 2022, they account for 17% of breaches, the report said. “Historically, breaches associated with business associates involve more records per breach,” Critical Insight said.[1]

Breaches in health care represent the most expensive data breaches, with the average cost of a health care breach reaching nearly $11 million in 2023, according to IBM Security’s Cost of a Data Breach report. Across all industries, the average cost of a data breach reached an all-time high in 2023 of $4.45 million, representing a 2.3% increase from the 2022 cost of $4.35 million, the report said. “Taking a long-term view, the average cost has increased 15.3% from $3.86 million in the 2020 report,” IBM Security said. The average cost of a breach in health care jumped 8.2% from 2022 to 2023, and over the past three years, has grown 53.3% overall, the report said.[2]

This document is only available to subscribers. Please log in or purchase access.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field