Third-party attacks expose 12 million health care records

A single breach accounted for 10 million exposed records, report finds

Data Breach overlaying a circuitboard

New analysis from cyber security firm Tenable has found that third-party breaches accounted for over a quarter of the tracked breaches. These breaches accounted for nearly 12 million records exposed in the health care sector.

The firm’s security response team found 237 breaches in the health care sector in 2020. According to Tenable, breaches are set to continue unabated in 2021, with 56 breaches already disclosed through February. 

The research found that in a quarter of cases, breaches occurred due to a separate breach at a third-party organization. This happens when hackers breach a third-party vendor that a health care organization uses, giving attackers access to data the health care provider's stores on the third-party system. Its analysis found that third-party breaches accounted for nearly 12 million exposed records. 

A single breach accounted for over 10 million of these records. “This breach has been linked back to 61 of their healthcare customers, with the number of exposed records expected to increase as more of these impacted customers disclose their numbers,” researchers said.

Of all the health care breaches disclosed between January 2020 and February 2021, 93% of them included confirmed record exposure. Researchers admitted that one obstacle with accurately tracking breaches is that public disclosures can occur days, months, or even years after the event. Even then, the level of detail available may be scant.

Related Resource

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

cost of a data breach report 2020 - whitepaper from IBMDownload now

Of these 293 breaches analyzed, 57.34% of the affected organizations have publicly disclosed how many records the breach exposed. The number of records exposed in this period reached nearly 106 million — 76.45% of these were disclosed in 2020. 

The research found that ransomware was the most prominent cause of health care breaches, accounting for 54.95%. Other leading causes included email compromise/phishing (21.16%), insider threat (7.17%), and unsecured databases (3.75%).

Boris Cipot, senior security engineer at Synopsys, told ITPro that this research shows that resilience is much more than the deployment of mitigation procedures, and it starts with software design. 

“As software is the cornerstone of life today, it is important to apply security during the development process. If not, mitigation techniques will act simply as “band-aids on bullet holes,” Cipot said. 

“It is normal to see cybercriminals focused on exploiting known security holes in commonly used software. It is also normal that phishing campaigns are deployed with the intention of gaining information that can help them to further infiltrate critical infrastructure. It is worrying how these things are considered to be normal.”

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

29 Jul 2021
Colonial Pipeline hack spurred copycat attacks on other oil and gas companies
hacking

Colonial Pipeline hack spurred copycat attacks on other oil and gas companies

29 Jul 2021
Study finds companies are mishandling cyber security recruitment
cyber security

Study finds companies are mishandling cyber security recruitment

28 Jul 2021
What is the Computer Misuse Act?
Policy & legislation

What is the Computer Misuse Act?

28 Jul 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021