Third-party attacks expose 12 million health care records

A single breach accounted for 10 million exposed records, report finds

Data Breach overlaying a circuitboard

New analysis from cyber security firm Tenable has found that third-party breaches accounted for over a quarter of the tracked breaches. These breaches accounted for nearly 12 million records exposed in the health care sector.

The firm’s security response team found 237 breaches in the health care sector in 2020. According to Tenable, breaches are set to continue unabated in 2021, with 56 breaches already disclosed through February. 

The research found that in a quarter of cases, breaches occurred due to a separate breach at a third-party organization. This happens when hackers breach a third-party vendor that a health care organization uses, giving attackers access to data the health care provider's stores on the third-party system. Its analysis found that third-party breaches accounted for nearly 12 million exposed records. 

A single breach accounted for over 10 million of these records. “This breach has been linked back to 61 of their healthcare customers, with the number of exposed records expected to increase as more of these impacted customers disclose their numbers,” researchers said.

Of all the health care breaches disclosed between January 2020 and February 2021, 93% of them included confirmed record exposure. Researchers admitted that one obstacle with accurately tracking breaches is that public disclosures can occur days, months, or even years after the event. Even then, the level of detail available may be scant.

Related Resource

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

cost of a data breach report 2020 - whitepaper from IBMDownload now

Of these 293 breaches analyzed, 57.34% of the affected organizations have publicly disclosed how many records the breach exposed. The number of records exposed in this period reached nearly 106 million — 76.45% of these were disclosed in 2020. 

The research found that ransomware was the most prominent cause of health care breaches, accounting for 54.95%. Other leading causes included email compromise/phishing (21.16%), insider threat (7.17%), and unsecured databases (3.75%).

Boris Cipot, senior security engineer at Synopsys, told ITPro that this research shows that resilience is much more than the deployment of mitigation procedures, and it starts with software design. 

“As software is the cornerstone of life today, it is important to apply security during the development process. If not, mitigation techniques will act simply as “band-aids on bullet holes,” Cipot said. 

“It is normal to see cybercriminals focused on exploiting known security holes in commonly used software. It is also normal that phishing campaigns are deployed with the intention of gaining information that can help them to further infiltrate critical infrastructure. It is worrying how these things are considered to be normal.”

Featured Resources

2021 Thales access management index: Global edition

The challenges of trusted access in a cloud-first world

Free download

Transforming higher education for the digital era

The future is yours

Free download

Building a cloud-native, hybrid-multi cloud infrastructure

Get ready for hybrid-multi cloud databases, AI, and machine learning workloads

Free download

The next biggest shopping destination is the cloud

Know why retail businesses must move to the cloud

Free Download

Recommended

Marsh McLennan reveals its cyber risk analytics center
risk management

Marsh McLennan reveals its cyber risk analytics center

15 Oct 2021
£100 contactless payment limit could place shoppers at risk, warn industry experts
Policy & legislation

£100 contactless payment limit could place shoppers at risk, warn industry experts

15 Oct 2021
Hackers used MSHTML exploit a week before patches were ready
zero-day exploit

Hackers used MSHTML exploit a week before patches were ready

14 Oct 2021
Hackers fake DocuSign and offer fraudulent signing methods
document management systems (DMS)

Hackers fake DocuSign and offer fraudulent signing methods

14 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021