Third-party attacks expose 12 million health care records

A single breach accounted for 10 million exposed records, report finds

Data Breach overlaying a circuitboard

New analysis from cyber security firm Tenable has found that third-party breaches accounted for over a quarter of the tracked breaches. These breaches accounted for nearly 12 million records exposed in the health care sector.

The firm’s security response team found 237 breaches in the health care sector in 2020. According to Tenable, breaches are set to continue unabated in 2021, with 56 breaches already disclosed through February. 

The research found that in a quarter of cases, breaches occurred due to a separate breach at a third-party organization. This happens when hackers breach a third-party vendor that a health care organization uses, giving attackers access to data the health care provider's stores on the third-party system. Its analysis found that third-party breaches accounted for nearly 12 million exposed records. 

A single breach accounted for over 10 million of these records. “This breach has been linked back to 61 of their healthcare customers, with the number of exposed records expected to increase as more of these impacted customers disclose their numbers,” researchers said.

Of all the health care breaches disclosed between January 2020 and February 2021, 93% of them included confirmed record exposure. Researchers admitted that one obstacle with accurately tracking breaches is that public disclosures can occur days, months, or even years after the event. Even then, the level of detail available may be scant.

Related Resource

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

cost of a data breach report 2020 - whitepaper from IBMDownload now

Of these 293 breaches analyzed, 57.34% of the affected organizations have publicly disclosed how many records the breach exposed. The number of records exposed in this period reached nearly 106 million — 76.45% of these were disclosed in 2020. 

The research found that ransomware was the most prominent cause of health care breaches, accounting for 54.95%. Other leading causes included email compromise/phishing (21.16%), insider threat (7.17%), and unsecured databases (3.75%).

Boris Cipot, senior security engineer at Synopsys, told ITPro that this research shows that resilience is much more than the deployment of mitigation procedures, and it starts with software design. 

“As software is the cornerstone of life today, it is important to apply security during the development process. If not, mitigation techniques will act simply as “band-aids on bullet holes,” Cipot said. 

“It is normal to see cybercriminals focused on exploiting known security holes in commonly used software. It is also normal that phishing campaigns are deployed with the intention of gaining information that can help them to further infiltrate critical infrastructure. It is worrying how these things are considered to be normal.”

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021