Indianapolis, IN – Health care data breaches are on the rise, with over 144 million Americans’ medical information being compromised in 2023 alone. This record-breaking number of breaches highlights the urgent need for improved cybersecurity measures in the health care industry, as reported by a recent analysis of Health and Human Services data by USA TODAY.
The most significant breach occurred in February when a ransomware attack targeted Change Healthcare, the nation’s largest health care payment system owned by UnitedHealth Group. Handling a third of all patient records and processing 15 billion health care transactions annually, Change Healthcare’s breach underscored the vulnerability of the health care ecosystem to cyberattacks.
According to John Riggi, a national advisor for cybersecurity and risk for the American Hospital Association, the COVID-19 pandemic has accelerated the integration of remote and third-party technologies in health care, making the sector more interconnected and susceptible to cyber threats. While these technologies enhance patient care accessibility, they also provide hackers with greater access to critical health care systems and records.
Data breaches targeting third-party vendors contracted by hospitals have tripled since 2019, growing at a faster rate than direct attacks on traditional health care providers, indicating a shift in cybercriminals’ tactics. As Riggi points out, hackers have realized the efficiency of targeting common business associates to obtain vast amounts of sensitive data in one go.
The rise of ransomware attacks, where cybercriminals demand large sums of money to restore access to medical data, has become a significant concern for the health care industry. These attacks pose risks to patient safety as they disrupt patient care, lead to the exposure of protected health information, and result in billing and payment issues that can persist for months.
Moving forward, there is a growing emphasis on increasing cybersecurity budgets within hospitals and health care organizations to bolster defenses against future cyber threats. Lawmakers and regulators are also directing attention towards proposing measures to safeguard health care organizations and ensure their financial stability in the face of escalating cyber risks. This shared responsibility underscores the ongoing efforts needed to address the cybersecurity challenges facing the health care sector.