Cyberattacks in 2022 and what hospitals, health systems can learn going into 2023

The healthcare sector is on track to meet or exceed the more than 50.4 million patient records that were breached in 2021. 

Between Jan. 1 and Oct. 31 of 2022, the HHS' Office for Civil Rights reported that 594 data breaches took place, with an average of 60 data breaches being reported each month.  Most of these large breaches were tied to third-party vendors.  

For instance, the largest healthcare data breach of this year has been Advocate Aurora Health, dually headquartered in Downers Grove, Ill., and Milwaukee. The health system reported that it had installed a third-party tracking tool, dubbed Meta Pixel, onto its website and patient portal, which in turn caused 3 million patient records to be compromised. 

The health system hasn't been the only one to have installed a tracking tool that has compromised patient information. Hospitals such as Charlotte, N.C.-based Novant Health and Indianapolis-based Community Health Network have been transparent about the potential information breach via the "pixel" advertising tracking tools. 

While other health systems, such as Chicago-based Rush University System for Health; University of Chicago Medical Center; Raleigh, N.C.-based WakeMed; Durham, N.C.-based Duke Health; Northwestern Memorial Hospital in Chicago; UCSF Medical Center and Dignity Health, both in San Francisco; and Pittsburgh-based UPMC are facing patient-led lawsuits for allegedly using the tool that transmits personal information about their website visitors to social media sites such as Facebook, Instagram and Twitter. 

These breaches have spurred HHS to release a bulletin stating that entities covered by HIPAA can't use pixel trackers if they transmit protected health information without patient consent or if they don't have a signed business associate agreement with the technology tracking vendors. 

While third-party data breaches have been the cause behind some of the biggest healthcare data breaches this year, ransomware attacks are still among the most common threats to the healthcare sector.

According to FBI data, 25 percent of ransomware attacks in 2022 have been targeted at the healthcare sector. In 2021, the healthcare and public health sector had the most ransomware reports of any of the 14 critical infrastructure industries, with 148 out of 649 attacks. 

One of the most prolific ransomware attacks on a healthcare organization this year occurred at the nation's second-largest nonprofit hospital system, Chicago-based CommonSpirit Health.

The health system was hit with a ransomware attack in October that forced its EHRs and payroll systems to go offline at many of its facilities across the country, as well as delayed patient care and surgeries at some of its affiliated hospitals. 

Since cyber threats only seem to be getting worse, healthcare executives as a whole are planning on increasing their cybersecurity budgets for increased training and infrastructure in 2023 in order to fend off these kinds of attacks, according to a recent survey from software firm Ivanti.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars