On August 22, 2022, the HIPAA Journal released updated statistics on the number of data breaches in the Healthcare industry across the past twelve months. This report highlights the number of attacks, the number of victims, and the financial loss suffered in each attack. As of this report, there have been over 400 successful cyber-attacks on the healthcare industry in 2022 alone. With 70 of these attacks occurring in June and 66 of them in July, there doesn’t seem to be an end in sight. As a matter of fact, for these past two months “the number of exposed or impermissibly disclosed healthcare records topped 5 million” which is “well above the 12-month average of 3,499,029 breaches a month.”
In terms of how these attacks are being carried out, hacking/IT-based ransomware attacks were by far the most common method. Hackers gain access to the network through various methods related to breaking through the organization’s security measures, such as TLS or AES, and then holding the valuable healthcare information for ransom. Without access to this information, healthcare organizations can be rendered unable to complete important medical or informational tasks. Because of this, many are forced to pay the large ransoms, losing hundreds of thousands of dollars to these hackers. According to the HIPAA Journal report, 9 of the 25 top breaches were most likely ransomware attacks which cost an unknown, but large amount of money to retrieve and control the information.
Though the report shows that the amount of cyberattacks goes up and down a bit, varying month to month, (with a low of 43 in Mar and a High of 72 in May) it is clear that these types of attacks are not going anywhere and will continue to plague the Healthcare industry. Because of this, HHS’ Office for Civil Rights has begun enforcing financial penalties on organizations who do not take the proper care to enhance their cyber security to prepare for these threats and thus commit HIPPA violations. In July alone, 12 enforcement actions were announced with financial penalties attached.
“Current security practices are just not enough in today’s climate,” says David Gomes, Chief Operating Officer at Eclypses. “With the rise of reported ransomware attacks, and more expected to come by the end of 2022, companies need to take a look at their security posture and consider where their vulnerabilities lie. Establishing proactive security measures to protect or at least mitigate these attacks will be key in preventing these breaches from increasing. That’s why we’ve developed our MTE technology, a security solution that protects data from the moment the data packet is created all the way to the intended recipient, keeping data safe from bad actors.”
With such a large threat to their businesses hanging over them, healthcare organizations need to take preventative measures to protect themselves from becoming the next victim. While no security can remove the human element involved in something like a phishing attack, ensuring that data is secured completely from endpoint to endpoint is one way to ensure that there are no easy, open vulnerabilities for hackers to exploit. With Eclypses MTE Technology data is secured as soon as it is created. Additionally, When MTE is installed on a device, only that specific device can have access to a private database that also has MTE installed. With this kind of security, hackers would not be able to pair their own devices or browser sessions and therefore not be able to gain access to sensitive information to take for ransom.
Interested in learning more about how to secure your data? Contact Eclypses today.