Data breaches in the healthcare sector in the United States have become increasingly common, with one in four individuals falling victim to cyberattacks this year, according to a survey. Atlas VPN, an internet security firm, published these alarming statistics in a recent report, revealing that approximately 45 million patients’ data was compromised in the third quarter of 2023 alone, compared to 37 million affected last year.
The US Department of Health and Human Services has also been alerted to this concerning trend, with the study indicating that nearly 43 out of 50 states have been targeted by hackers. California and New York hold the unenviable first and second positions, followed by Texas, Massachusetts, and Pennsylvania.
Remarkably, Vermont remains the sole state untouched by healthcare data breaches, an anomaly in the current landscape of cyber threats.
For those curious about why hackers are increasingly targeting health data, here’s a brief overview: healthcare information holds substantial value on the dark web, making it a prime target for cybercriminals. According to a 2021 survey conducted by IBM, a set of 1,000 patient records, encompassing medical history, contact information, and phone numbers, can fetch as much as $120. Bulk data sets can command up to $5,000. Moreover, data enriched with details such as dates of birth and Social Security numbers are in particularly high demand.
In 2023, a staggering 480 breaches were reported in the first three quarters, an increase from the 373 recorded in the previous year. The breach at HCA Healthcare, which saw data from 11 million patients compromised, topped the list of incidents. It was followed by the breach at Managed Care of North America, where the data of approximately 8.9 million dental patients was stolen earlier in the year.
So, how can healthcare information be safeguarded from falling into the wrong hands?
Conducting Threat Assessments: Employ advanced security controls and conduct regular threat assessments to mitigate the risk of data breaches.
Staff Awareness: Educate your staff about the evolving cyber threats to prevent human configuration errors.
Encryption: Implement robust encryption for data in transit and at rest to thwart hackers from accessing or siphoning sensitive information.
Data Backup: Regularly back up data to the cloud and one or two offsite servers to prevent downtime in case of an incident.
BYOD Vigilance: Exercise caution with Bring Your Own Device (BYOD) policies to mitigate the risks associated with connected devices.
Strong Passwords and Multi-Factor Authentication: Utilize strong passwords, preferably 15 characters long with a mix of uppercase and lowercase letters and special characters. Enabling multi-factor authentication provides an additional layer of protection against cyber threats for devices and applications.