A report from cybersecurity vendor Critical Insight found that 40 million patients' medical information has been involved in data breaches so far this year; at this rate, 2023 will break the record for most individuals affected in breaches.
The report found that total breaches had dropped 15 percent compared to the second half of 2022. However, large-scale data incidents, such as Nashville, Tenn.-based HCA Healthcare's data breach, drove up the number of affected individuals.
The report found a renewed attacker focus on third-party entry points. Of the 40 million records exposed, 48 percent were linked to business associates, according to an Aug. 22 Critical Insight news release.
The company created the report using HHS data.
"The results of this analysis support the hypothesis that cybercriminals are continually evolving their tactics to minimize risk and maximize the return on effort," Mike Hamilton, founder and chief information security officer at Critical Insight, said in the release. "Focusing on business associates that perform a service for covered entities should give all these providers pause. Fines, additional regulatory scrutiny, class actions, and enforcement of the false claims act will affect these organizations for years."