Data breaches of confidential hospital records have been on the rise in recent years.
Researchers affiliated with the University of Minnesota released a study in December 2022 detailing the frequency of ransomware attacks from 2016 to 2021 in the United States. During their investigation, they observed data from 374 documented attacks from the Tracking Healthcare Ransomware Events and Traits database.
They discovered that the annual number of ransomware attacks on healthcare systems more than doubled between 2016 and 2021. These breaches over the years exposed the data of almost 42 million individuals.
“Almost half (166 [44.4%]) of ransomware attacks disrupted the delivery of health care, with common disruptions including electronic system downtime (156 [41.7%]), cancellations of scheduled care (38 [10.2%]), and ambulance diversion (16 [4.3%]),” the authors said in the study.
Prior to this study, other researchers attempted to better understand both the method and target of these attacks.
“Our study observed that at present, attacks on sensitive healthcare data are being perpetrated by cyber criminals who use different techniques such as malware, ransomware, or phishing attacks to prey on EHRs,” said the authors of a 2020 study in Saudi Arabia. “Email and Network servers have become attack-prone locations for hackers.”
For its part, the United States Department of Health and Human Services (HHS) has detailed data on the types of breaches targeting healthcare entities across the nation that are currently under investigation. Most of these data breaches occurred between 2020 and the present via network servers, emails, or electronic medical records.
Recently impacted entities in Texas include the Vascular Institute of North Texas, Live Oak Surgery Center, Dallam Hartley Counties Hospital District, and more.
As recently reported by USA Today, while the frequency of cyber-attacks has gone up dramatically in the past few years, the number of investigations completed by the HHS has gone down.
Hackers have also enlarged their scope, no longer restricting themselves to targeting highly visible brands but also small rural hospitals.
The University of Minnesota’s Hannah Neprash, an assistant professor of health policy and management, attributed the rise in data breaches and shift in target during COVID-19 to hackers using the health crisis as an opportunity.
“It was very much a conscious decision on the part of ransomware actors to take advantage of the fact that the health care system was pretty overwhelmed,” said Neprash, according to USA Today.
Hackers hungry for high ransom payments “look for targets who can’t fight back, who can’t afford to not pay,” Charles Henderson, one of the heads of IBM Security X-Force, told USA Today.
In this regard, high-stakes actors like hospitals and other health providers are perfect marks.
“If you’re looking for a target that’s more likely to pay a large sum of money, health care’s got to be at the top of your list,” explained Henderson.