Breaches have long been a profitable business for threat actors, as highlighted in IBM's 2020 Cost of a Data Breach Report, which notes the average cost of a breach at $3.86 million. If that number weren't incentive enough for threat actors, the average cost of a breach for healthcare specifically was $7.13 million, with personally identifiable information (PII) valued at $150 per record making the industry a prime target.

Breaches have become a common ‘thing of terror’ for every IT professional and leadership team. Though breach was experienced across industries, in the calendar year 2020 alone, the healthcare sector reported 237 breaches. The incidents continued into 2021, with 56 breaches already disclosed by the end of February 2021, says Tenable Survey.

The Tenable 2020 Threat Landscape Retrospective (TLR) revealed a total of 22 billion records exposed as a result of 730 publicly disclosed breaches between January 2020 and October 2020, with healthcare being by far the most affected industry sector.

Ransomware was reported as the most prominent root cause of healthcare breaches, accounting for a whopping 54.95 percent. The top ransomware used was Ryuk, accounting for 8.64 percent of ransomware-related breaches. It was followed by Maze (6.17 percent), Conti (3.7 percent) and REvil/Sondinokibi (3.09 percent).

Third-party breaches accounted for over a quarter of the breaches tracked and nearly 12 million exposed records. Other leading causes included email compromise/phishing (21.16 percent), insider threat (7.17 percent) and unsecured databases (3.75 percent).

Apart from the obvious strain of dealing with the pandemic, telehealth solutions surfaced as a prominent risk area over the last year. While it may be the much-needed answer to getting medical care to those in need, beyond the limitations of social distancing norms, telehealth solutions considerably expand the surface area for attacks.

“As the COVID-19 pandemic continues to place unprecedented strain on global healthcare infrastructure, attackers are finding what was already an attractive target even more enticing. Technology dependent services such as telehealth, COVID-19 contact tracing app, and a rush to develop and distribute vaccines have greatly expanded the attack surface. With no signs of cyberattacks slowing down in 2021, healthcare organisations need the resources and tools necessary to understand and reduce their cyber risk,” said Rody Quinlan, Security Response Manager, Tenable.

In order to reduce the risk of compromise, healthcare organizations should take a two-pronged approach to reduce the growing threats. This includes Prioritise vulnerabilities: Identify and remediate vulnerabilities most likely to target and impact your organisation; and Address the root cause: Once the vulnerabilities most likely to introduce business risk are identified and prioritized, remediate them and continue regular maintenance check-ups.

Some Healthcare Sectors Hit Worse Than Others

While the term "healthcare" is often used as if it describes a monolithic sector, there are in fact quite significant differences in the types of organizations operating within the broader healthcare category. In order to provide a more granular view, we've further segmented the data into 12 key classifications, which can be found in the table below. Healthcare systems — typically a collective of institutions, people and various resources across a geographical area — accounted for just over 30 percent of the breaches tracked. Because such systems can include multiple facilities spread across a number of campuses, the impact of 88 breaches is exponentially worse than if they had occurred in an individual, standalone facility such as a single hospital.

The top five healthcare categories experiencing the most breaches in the past 14 months were: Healthcare systems (30.03 percent of overall breaches), Hospital (19.11 percent), Mental health care/rehabilitation (6.14 percent), Medical clinic (5.12 percent), and Government agency (4.10 percent)