Will Healthcare Continue to See an Increase in Cyber-Attacks?

F.J. Thomas

Sarasota, FL (WorkersCompensation.com) – Due to the nature of information involved, healthcare is always at risk for cyber-attacks, and potential lawsuits as a result. According to a Becker’s Hospital report, a class action lawsuit was just recently filed due to an August data breach that impacted around 216,500 patient records. Memorial Health System of Marietta, Ohio, experienced a Hive cyber-attack on August 15th that not only shut down their computer systems, but also caused surgeries to be canceled and ambulances to be rerouted. According to the notification from the health system, critical patient information including date of birth and social security numbers were actually exported in the attack.

According to a recent report from The Cybersecurity and Infrastructure Security Agency, the Ukraine has experienced a rash of cyber-attacks involving not only website defacement, but also malware attacks that harm critical functions. The particular malware used in these attacks known as NotPetya and WannaCry have been seen before in 2017. According to a CNN report, Department of Homeland Security issued a warning on the 23rd of potential cyber-attacks against the US from Russia in retaliation to the US or NATO’s response to a potential Russian invasion of Ukraine. There is some speculation that the attacks on the Ukraine have been somewhat of a proving ground for future attacks on the US. According to the governmental warnings, hackers are taking advantage of the vulnerabilities of log in coding known as Log4j, and healthcare entities are particularly at risk.

In 2021, the number of reported data breaches reported by healthcare systems was 616, compared to 226 in 2020. In 2019, a total of 512 breaches were reported. Last year saw a continual increase in the number of breaches reported.

In first quarter alone, there were 4.5 times as many breaches as reported the previous year, with 119 reported in 2021 compared to 26 reported in 2020. In 2019 however, there were 103 breaches reported. The fourth quarter of 2021 saw the most number of breaches reported at 187. In 2020, only 80 cases were reported in the fourth quarter, and in 2019 a total of 130 cases were reported during that same time period.

The total number of individuals included in 2019 data breaches was 42.3 million. For 2020, the total number of records decreased to 14.4. However, the total number of patient records involved in data breaches in 2021 has risen to 44.8 million.

So far for 2022, there have been 33 breaches reported by healthcare systems with 1,981,177 total patient records impacted.

When breaking down the data breach statistics, the results beg the question of why 2020 was a less active year in comparison to the years before and after? Additionally, in light of the recent government warnings, will we continue to see an increase in healthcare cyber-attacks in 2022?