We have reported on data breaches more in 2020 than in previous years. If you’re a regular visitor to this site, you may have read those stories already. But colleagues at our sister brand, Campus Safety, have reported more on the topic in recent weeks, too.
Healthcare facilities are prime targets for hackers
Many of their stories have focused on healthcare facilities, according to Amy Rock, Campus Safety’s senior editor.
“Hospitals are particularly susceptible to data breaches due to sensitive and valuable information and the fact that they are open 24/7. The healthcare sector has the highest average cost of a data breach per customer record at $429,” Rock says.
She says hackers are doubling-down on email phishing campaigns to access private data.
“A 2020 report titled The State of Cybersecurity in Healthcare predicts these scams will be the method of choice for accessing health data in 2020. Ransomware attacks, which have been a growing threat for hospitals for months, have been further exacerbated by the COVID-19 pandemic as hospitals struggle with patient surges and obtaining PPE.”
What’s worse, Rock notes the financial burden caused by such attacks have forced some hospitals — particularly community hospitals and smaller healthcare organizations — to turn away patients or close doors permanently.
Fortified Health Security gathered data showing 40 million Americans were affected by health data breaches in 2019, a 65% increase from 14 million in 2018.
The 2020 report, titled The State of Cybersecurity in Healthcare, compiled yearly data from 2009 through 2019 and found last year was the highest number recorded since 2015 when 113.27 million records were exposed.
The data also shows 2012 had the least number of data breaches with 2.8 million records exposed, which was a 78% drop from 13.1 million in 2011.
Their report provides several recommendations for healthcare entities, including:
- Develop and implement simulated phishing; be sure to consider culture and human resource requirements
- Understand third-party risk; establishing strong governance and a risk-based model is crucial
- Operationalize your technology; do not purchase technical point solutions without adequately planning for the ongoing management of these tools
More recent data breaches in 2020 in K-12 schools
Rock says another area of critical concern lately is K-12.
“Cybersecurity incidents increased by an overwhelming 185% from 2018 to 2019. Of the reported 2019 incidents, 60% were due to data breaches primarily involving the unauthorized disclosure of student data,” she says.
Ransomware is frequently used to target these environments.
“For the first time since the K-12 Cybersecurity Resource Center started collecting this data, schools have canceled classes or closed due to cyberattacks. More than 50% of all incidents reported since 2016 were due to insiders in the school community, including vendors and other third-party partners, through scams like email phishing.”
This past January, an email phishing scam cost one Texas school district $2.3 million.
A similar threat faces higher education
Rock says 53% of all cyberattacks in 2019 involved stolen credentials, oftentimes through phishing scams, referencing the Anti-Phishing Working Group’s findings that say 2019 was the worst period for phishing since the fourth quarter of 2016.
The NetWalker (Mailto) ransomware gang recently targeted Michigan State University, publishing images of files they stole from the school and demanding money for file encryption.
Resources for preventing higher education ransomware attacks: