"Attackers Changing Targets From Large Hospitals to Specialty Clinics"

Critical Insight recently released its H1 2022 Healthcare Data Breach Report, which analyzes ​​breach data reported to the United States Department of Health and Human Services by healthcare organizations.  The healthcare industry continued to be a top attack vector for cybercriminals and ransomware threat groups.  The researchers found that the total breaches are declining.  Since the second half of 2020, the total number of breaches has slowly but steadily declined, from the peak of 393 to 367 in the first half of 2021, 344 in the second half of 2021, and 324 in the first half of this year.  Roughly 20 million individuals were affected in the first half of 2022, representing the third consecutive quarter of declining numbers, a 10% drop compared to the prior six-month period and 28% less than the first half of 2021.  When the researchers looked at which segments of the healthcare ecosystem had Hacking/IT Incident type breaches, they now see smaller hospital systems and specialty clinics rising to the top.  Breaches associated with health plans decreased by 53%, but attacks against business associates jumped by 10%, and attacks against providers went up 15%.  The researchers noted that this move from large hospital systems and payers to smaller entities that truly have a deficit regarding cyber defenses shows a massive change in victims and approach.  As we continue into 2022, the researchers anticipate attackers to continue to focus on these smaller entities for ease of attack and to avoid media attention and escalation with law enforcement.

Help Net Security reports: "Attackers Changing Targets From Large Hospitals to Specialty Clinics"