Next to financial institutions such as banks, the healthcare industry is highly vulnerable to cyberattacks such as data breaches. During the pandemic, experts debated whether the risk of data breaches and attacks would increase or decrease. The discussion stemmed from the fact that 2019 saw a whopping 60% increase in the number of malware infections within the healthcare sector.
The Protenus Breach Barometer backed the trend: it determined that there was a 49% increase in hacking, which led to more than 41.4 million patient records being breached. Compared to 2018, when cyber criminals breached 15 million records, this increase was astronomical.
The anticipated use of unsafe networks and devices during the pandemic had many wondering whether the trend would continue and we’d witness another big jump in healthcare data breaches in 2020.
By July, COVID-19-related phishing scams and schemes had already peaked, back in mid-April. However, there were major incidents that conveyed the message that businesses in the healthcare sector should not be lulled into a false sense of cybersecurity.
Colleges, medical institutes, hospitals, insurance providers, and other related companies are all vulnerable to healthcare data breaches in 2020. The following two examples illustrate the need for such companies to approach managed IT service providers to secure their forces and prevent a breach from impacting their patient and financial records.
Health Share of Oregon
Health Share of Oregon is one of the state’s largest Medicaid coordinated care companies. The incident took place earlier this year before the lockdowns were mandated across the nation. The organization reported that the data breach happened due to a stolen laptop.
The device belonged to one of the transportation vendors Health Share of Oregon employs. Over 654,000 patients were notified of the breach, as the laptop contained names, contact information, birth details, and Medicaid ID numbers, but no patient histories.
This incident in particular shines a light on an aspect of cybersecurity that is often ignored – physical security and vendor management. To fully protect your records, your verticals should also have strong cybersecurity protocols in place.
As a result, the organization updated its audit processes and focused on workforce training for internal employees as well as their contractors.
Magellan Health
In April 2020, Magellan Health and some of its clients reported breach incidents. A sophisticated ransomware attack deployed into the organization’s network impacted over 365,000 patient and employee records and personal information.
Using social engineering methods, the criminals impersonated a client and exfiltrated data by gaining access to internal servers. Five days later, the criminals placed the ransomware and then continued to steal employee credentials and passwords as well as patient records, insurance information, and more.
This phishing incident points out how advanced social engineering and phishing schemes have become in recent times. NuMSP provides IT services, including IT security and assessment. This allows us to assess vulnerabilities in your system and then design a solution that keeps you protected from healthcare data breaches in 2020.