Health care ransomware attacks spiked 86% in September: report | #ransomware | #cybercrime

Cybersecurity incidents in health care spiked in September as the industry continues to face challenges in protecting data, according to a report published Tuesday.

The report, from cybersecurity software company NCC Group, found that cybersecurity incidents increased 86% in September.

Here are five things to know about health care data breaches.

Keep up with all things West Michigan business. Sign up for our free newsletters today.

1. 2023 is by far the worst year for breaches 

Around 85 million patients have had their personal information compromised through the first nine months of the year, compared with 38 million in the same time period as 2022 and 43.9 million in 2021, according to the Health and Human Services Department’s Office for Civil Rights. The increase isn’t due to more incidents but how far-reaching the attacks have been. There have been 513 breaches in the first nine months of 2023, according to HHS.

2. August was an outlier 

Ransomware is becoming a significant cause of data breaches, according to NCC Group’s report. There were 39 ransomware attacks against healthcare organizations in September, compared with 21 in August, the company said. In other months this year, there were more than 30 separate ransomware attacks affecting the industry in each month dating back to March.

Read more: Health care data breach costs keep climbing: report

3. Health care didn’t have the most attacks

Cybercriminals using BlackCat ransomware, which includes malware-infected email or website links, targeted healthcare companies seven times last month, NCC found. The manufacturing and retail industries were hit more often last month with that specific type of ransomware. Overall, healthcare was the fourth most affected industry by malware attacks in September, behind manufacturing, retail and technology. There 514 malware attacks last month across all industries, the highest number of monthly attacks recorded this year.

4. MOVEit is a big problem

More than 600 companies have disclosed breaches relating to Progress Software’s MOVEit program, according to data from security firm Emsisoft. Many of them are from the healthcare industry including Houston-based Harris Center for Mental Health and Baltimore, Maryland-based Johns Hopkins Medicine.

MOVEit transfers large files, potentially those including sensitive documents. A ransomware gang began exploiting a vulnerability in the software to steal data, according to a Cybersecurity and Infrastructure Security Agency news release. The vulnerability was discovered by Progress in May. Revenue cycle management tech company Arietis Health reported on Oct. 17 that data on 1.9 million patients was compromised because of the MOVEit breach. In September, clinical documentation software company Nuance Communications said it was part of the MOVEit breach in an incident that affected 1.2 million patients.

5. Companies want help stopping breaches

The rising threats to data security has been noticeable to consultants who work with health systems. According to Modern Healthcare’s Healthcare IT Consulting Firms Survey, 75% of respondents reported an increase in client concern regarding data security in the past year.

More from Crain’s Grand Rapids Business:

Shinola to open downtown Grand Rapids store

Following public investments, ICCF to price half of condo project for ‘missing middle’ buyers

RoMan Manufacturing renovates facility for new business serving data center industry

Source link

National Cyber Security