Hacking, ransomware driving more health care data breaches: study

Dive Brief:
- Health care data breaches have skyrocketed in the past 14 years, driven by hacking and other IT incidents, in particular ransomware attacks, according to a study published last week in JAMA Network Open.
- Of the 732 million patient records compromised from 2010 to 2024, hacking and IT incidents accounted for 88% of exposed records, while ransomware, a subset of hacking and IT incidents, represented almost 40%.
- Ransomware attacks, where cybercriminals deny users access to their data until a ransom is paid, increased from zero cases in 2010 to more than 30% of breaches in 2021. Last year, however, ransomware represented 11% of health data breaches, according to the research.
Dive Insight:
The study, which analyzed breaches affecting 500 or more people that were reported to the HHS Office for Civil Rights, found that the number of health care incidents has increased in recent years.
The OCR divides breaches into five categories: hacking or IT incidents, theft, unauthorized access or disclosure, improper disposal or loss, and breaches of unidentified or unknown cause.
The analysis found that the number of health care data breaches increased from 216 in 2010 to 566 in 2024. Hacking and IT incidents represented 4% of these breaches in 2010 and increased to 81% by last year. Meanwhile, data breaches related to theft, unauthorized access and improper disposal or loss have dropped, according to the study.
In addition, the number of patient records compromised in data breaches increased, from 6 million in 2010 to 170 million last year. Hacking or IT incidents represented only 2% of the records exposed 15 years ago, and increased to 91% last year, according to the study.
Researchers also tried to determine which breaches were linked to ransomware attacks by analyzing event descriptions for indicators such as ransom demands, cryptocurrency payments or links to known ransomware groups.
Since 2020, ransomware has affected more than half of all patient records breached each year, reaching 69% last year.
Hacking and ransomware have become serious concerns for the health care sector.
In the largest incident last year, UnitedHealth-owned claims processor Change Healthcare was struck by a ransomware attack, which resulted in weeks of disruption across the sector and the largest health data breach ever reported to federal regulators.
Hospitals, health plans and other health care organizations are often vulnerable to ransomware, given their limited cybersecurity resources and the major consequences of patient care delays, researchers wrote.
Mitigation strategies should include mandatory ransomware fields in OCR reporting to improve surveillance clarity, revising severity classifications to account for operational impact and monitoring cryptocurrency to disrupt ransom payments, they wrote.