Cybersecurity Attacks in Healthcare 2022

According to the U.S Department. of Health and Human Services (HHS), at least 373 healthcare organizations’ electronic data breaches have been reported till July 2022. As per an IBM report, healthcare data breaches cost $10 million per incident and a recent IBM security report with data from the Ponemon Institute found that healthcare data breaches hit a record high for the 12th consecutive year.

Despite the healthcare sector’s commitment to providing life-saving services and improving care with new technologies, cyber-threat actors continue to exploit vulnerabilities. The healthcare industry faces unique challenges compared to other critical sectors. A cyber-attack on healthcare can have ramifications beyond financial loss and personal information breaches. For hospitals, ransomware, for example, is fatal because the loss of patient data can be devastating.

This blog explores the top 5 eye-opening cyber-attacks in healthcare that every healthcare provider needs to be aware of. Some of the major cybersecurity attack happened in the year 2022 so far are:

5 Cybersecurity Attacks in Healthcare, 2022

• • Yuma Regional Medical Center, Arizona: In a most significant breach to be recognized as a ransomware attack, YRMC recently announced that it had been the target of a ransomware attack that exposed the data of 700,000 people. On April 25, 2022, the Arizona-based YRMC learned that some of its external systems contained ransomware. Further investigation found that from April 21 to April 25, an unauthorized person accessed YRMC’s systems and deleted a portion of their files. Those files contained patient names, Social Security numbers, limited medical information, and health insurance information. To get the systems back up while putting patient care first, YRMC collaborated with law enforcement and a third-party cybersecurity company. Although hospital facilities remained operational throughout the cyberattack, officials have revealed that ransomware caused some patient services to be delayed and some appointments to be canceled.

• • Shields Healthcare Group: A third-party vendor providing MRI, PET/CT, and ambulatory surgical services to patients at more than 30 locations in New England, USA. There was suspicious activity reported on their network on March 28. Upon investigation, it was discovered that their network was compromised, and the hacker had gained access to specific Shields systems between March 7 and 21. Furthermore, the investigation revealed that the unknown actor acquired specific data. The data theft may have included names, social security numbers, and insurance information of patients. This information can be used for social engineering, phishing, scamming, and extortion. Around 2 million people were affected by it.

• • Baptist Health System: Baptist Health System and Resolute Health Hospital is a healthcare system based in San Antonio, Texas, and it has 65 locations, mostly in San Antonio and surrounding areas. Hackers installed a line of code on the back-end systems which resulted in affecting the information of 1.2 million people. The hacker was active within the system between March 31, 2022, and April 24, 2022. During this time, hackers were able to access certain systems of hospitals and were successful in stealing the information. The information included the full names, dates of birth, addresses, Social Security numbers, health insurance information, medical information, and billing information. On June 16, 2022, the hospital noticed the breach, issued a notice to contain the breach, and started sending letters to affected people.

• • South Denver Cardiology Associates: The Colorado-based organization reported an issue that affected over 287,000 people. The business discovered odd network activity on January 4 and found that someone accessed data between January 2 and January 5, 2022.
    A thorough examination of those files revealed the presence of patient names, as well as one or more of the following types of information: dates of birth, social security numbers, driver’s license numbers, patient account numbers, health insurance information, and clinical information such as physician names, dates and types of service, and diagnoses.

• ARcare: ARcare, a US healthcare provider with locations in Arkansas, Kentucky, and Mississippi, has acknowledged a data breach that may have affected 345,000 people. “On February 24, 2022, ARcare experienced a data security incident that impacted its computer systems and caused a temporary disruption in services,” according to an ARcare data breach alert. Names, social security numbers, driver’s license, dates of birth, financial account information, medical treatment information, prescription information, medical diagnosis or condition information, and health insurance information were among the potentially exposed data

The Healthcare industry faces serious cybersecurity challenges in protecting and safeguarding assets against these attacks that threaten the confidentiality, integrity, and availability of protected health information. Healthcare providers now have to secure more connected medical devices than ever before, and the healthcare industry must prioritize cybersecurity and make the appropriate investments needed to protect its patients.

With cybersecurity consultants in high demand and scarce human capital available in the current market, it is even more challenging for companies to have full-time staff to manage cybersecurity processes and safeguard assets. iQuasar Cyber can help healthcare integrate the systems and processes, safeguard critical information, and reduce the threat of data breaches.

Call iQuasar Cyber, Inc. for a free consulting hour to learn more about our services and how iQuasar Cyber can help you secure your assets. iQuasar Cyber consultants can talk on the phone about your security needs and put a plan for combating breaches.