Report reveals latest cybersecurity trends in the U.S. healthcare sector

TENNESSEE, UNITED STATES — Fortified Health Security recently released its 2024 Mid-Year Horizon Report, which offers crucial insights into the current state of cybersecurity in the healthcare sector. 

The report, based on data from the U.S. Department of Health and Human Services Office for Civil Rights (OCR), reveals both encouraging trends and persistent challenges in the industry’s fight against cyber threats.

Slight increase in breaches, decrease in exposed records

Despite initial appearances of improvement, the report shows a marginal increase in healthcare data breaches:

• Mid-year 2023: 357 breaches
• Mid-year 2024: 362 breaches

However, there’s a silver lining in the number of patient records exposed:

• Mid-year 2023: 50 million records
• Mid-year 2024: 43 million records

However, the report emphasized that the 2024 figures do not yet include data from the significant Change Healthcare and Ascension breaches, suggesting that actual numbers are likely higher than reported.

Business associate reported breaches

The report also highlights a notable decrease in breaches reported by Business Associates (BAs). Despite the number of breaches reported by BAs decreasing by 35% year-over-year, BA-related breaches still account for almost 39% of all reported breaches.

This underscores the ongoing importance of robust third-party risk management in healthcare cybersecurity.

Hacking incidents on the rise

Fortified Health Security also revealed an increase in hacking and IT incidents:

• Mid-year 2023: 270 incidents
• Mid-year 2024: 284 incidents

Conversely, unauthorized access or disclosure incidents decreased from 75 to 64 during the same period.

Network servers as prime targets for cybercriminals

Network servers also remained the primary focus for threat actors targeting healthcare organizations. These servers often house the most sensitive patient data and are interconnected with critical systems, making them attractive targets.

Legislative landscape evolves to address cybersecurity concerns

The report outlines significant developments in healthcare cybersecurity legislation and policy during the first half of 2024. Notable updates include:

• Introduction of Health and Public Health (HPH) Cybersecurity Performance Goals (CPGs) by HHS
• Release of NIST Cybersecurity Framework 2.0
• Proposed Health Care Cybersecurity Improvement Act of 2024

Dan Dodson, CEO of Fortified Health Security, commented on the legislative progress: “The speed at which the government is moving to address cybersecurity issues within our sector is unprecedented.”

Strengthening cybersecurity defenses

The report also recommends that healthcare organizations focus on fortifying their defenses, particularly through stronger vulnerability threat management. 

“These unparalleled incidents serve as a stark reminder of the vulnerabilities faced by healthcare organizations, particularly concerning third-party vendors throughout the entire healthcare supply chain and the rise in more sophisticated social engineering attacks,” Dodson added.