Experts caution against drawing sanguine conclusions from latest US health department data

Data from the US Department of Health and Human Services (HHS) reveals surprising evidence that the number of healthcare data breaches may have fallen over the last six months.

An analysis by CI Security found that the number of healthcare breach reports in the first half of this year was down 10.4% compared to the second half of 2019, with the number of breached records falling by nearly 83%.

However, the researchers are concerned that the data might disguise certain adverse trends arising from the Covid-19 crisis.

“What worries us most is that the lower number of reported breaches may be tied to a pandemic distraction problem: with healthcare organizations scrambling to meet mission requirements in the midst of the pandemic, we wonder how many have been breached, but don’t know it yet?” Drex DeFord, a CI Security healthcare strategy executive, tells The Daily Swig.

Latent infections

“Cyber teams have taken heroic measures to bend and flex to support the mission, and we worry that some cybersecurity programs may be stretched beyond their limits – work-from-home, telemedicine and connecting to new suppliers have opened up new attack vectors.”

And, he adds, “with healthcare orgs taking upwards of 300-plus days to detect a breach, it may be that cybercriminals are already inside networks, waiting for the right time to spring their traps.”

In some cases, the researchers suggest, organizations may have misunderstood HHS exceptions issued during the pandemic, leading them to believe they had a Covid-19-related extension beyond the required 60-day window for reporting.

The decline in healthcare data breaches chimes with a recent report (PDF) from the Identity Theft Resource Center (ITRC), which found that the number of data breaches overall decreased by 33% in the first six months of 2020, compared to the same period in 2019.


The researchers suggest that this may be because attackers already have plenty of identity information, and are busy exploiting what they’ve already got.

Certainly, says Bharat Mistry, principal security strategist at Trend Micro, his security firm hasn’t seen any reduction in healthcare attacks.

“In fact, they still rank in the top three verticals being hit,” he tells The Daily Swig. “Healthcare is generally seen as an easy target to go after, as often they lack the necessary skills, tools and budget.”

‘Moral compass’

However, he does accept that the dip in reported breaches “could be in part down to the current exceptional circumstances with Covid-19” insofar as “cybercriminals have developed their moral compass knowing that healthcare is under undue pressure and strain, and hence have diverted their attention to other more lucrative organizations.”

Whatever the reason, CI Security believes that the current dip is likely to be temporary – indeed, says the firm, with patient medical records worth as much as $1,000 on the dark web, the number of cyberattacks is likely to surge over the next six months.


Meanwhile, with far more people working from home than ever before, an increase in the use of telemedicine, and new Covid testing locations being added all the time, bad actors have plenty of new attack vectors to choose from.

Indeed, suggests Warren Poschman, senior solutions architect at Comforte AG, the healthcare industry may be the most vulnerable of all industries to cyber-attacks.

“The security challenge for healthcare operators is extremely difficult, especially when data is stored in different locations and accessed through various technologies,” he tells The Daily Swig.

“However, we may be seeing a shift in approaches from ‘secure the technology,’ to ‘secure the data,’ which will reduce the threat of data loss and exposure when – not if – a cyber-attack happens.”

Servers: The soft underbelly

According to the CI Security report, network servers were the location where, once breached, the greatest number of records were exposed.

Email, meanwhile, was blamed for the breach of over three million records in the first half of 2020, up 86% on the last half of 2019. There were also 29 times more records exposed through lost or stolen laptops in the first half of 2020 than during the second half of 2018.

“The world continues to change, and today’s front-line cybersecurity defender is every employee with an email account and a web-browser. One wrong click by those employees, and the preventative measures are defeated,” says Drex DeFord.

“So put your Security Operations Center into overdrive. The key to the operation is to be able to quickly detect a problem, stop it in its tracks, kick the cybercriminal out of the network, and return to normal operations as soon as possible.”

