Computer attacks in health care are booming so far in 2023

News
Article

Industry analyst reviews cybersecurity for first half of the year, and the results aren’t good.

Computer attacks in health care are booming so far in 2023 | Image Credit: © gankevstock - © gankevstock - stock.adobe.com.

Computer attacks in health care are booming so far in 2023 | Image Credit: © gankevstock - © gankevstock - stock.adobe.com.

Hackers may be on track for a banner year in 2023, according to a report from a cybersecurity firm.

“The relentless uptick of cyber threats targeting health care organizations and patients shows no signs of abating,” said “2023 Mid-Year Horizon Report: The State of Cybersecurity in Healthcare,” published in late July by Fortified Health Security.

Since the start of the year, 327 data breaches had been reported to the U.S. Department of Health and Human Services’ Office for Civil Rights. That figure is up more than 104% from 160 breaches as of mid-2022.

The cyberattacks involved data of more than 40 million individual patients in 2023, marking a 60% increase year-over-year for the first six months. Last year, a single breach involved 2 million records, but in the first half of 2023, there were five breaches of at least 3 million records each, according to Fortified.

Those include the breach of Fortra’s GoAnywhere secure file transfer software in February, which involved more than 5 million health care records. “The software is used across industries, and many other non-health care companies were among the more than 130 companies allegedly targeted in the attack,” the report said.

Health care business associates also are at risk, accounting for 14% of all reported breaches and jumping from 22 halfway through 2022, to 82 so far this year. That is a 273% increase, the report said.

Government gets involved

Health care cybersecurity has become a hot-button issue in Washington.

“Fortunately, these obstacles have not gone unnoticed or unaddressed,” Fortified CEO Dan L. Dodson said in the report. “The federal government is actively taking initiative on the legislative front to tackle these issues head-on.”

In March, President Joe Biden released his National Cybersecurity Strategy with five pillars:

  • Defend critical infrastructure
  • Disrupt and dismantle threat actors
  • Shape market forces to drive security and resilience
  • Invest in a resilient future
  • Forge international partnerships to pursue shared goals

The federal PATCH Act, short for Protecting and Transforming Cyber Healthcare, came out in spring and will go into effect Oct. 1. Medical device manufacturers must meet four requirements for cybersecurity before approval by the U.S. Food and Drug Administration.

Sen. Mark R. Warner (D-Virginia) published “Cybersecurity is Patient Safety,” a policy options paper seeking recommendations to address computer vulnerabilities in health care. Fortified noted there were more than 60 responses to his request for information. Given the complexity of the issue and at least 16 federal agencies involved, there could be multiple bills addressing specific aspects of cybersecurity.

In March, the Senate’s Homeland Security and Government Affairs Committee held the hearing, “In Need of a Checkup: Examining the Cybersecurity Risks to the Healthcare Sector.” Fortified Senior Virtual Information Security Officer Kate Pierce was among four experts who testified in that hearing and she wrote this essay for Medical Economics. Senators now are considering the Rural Hospital Cybersecurity Enhancement Act, legislation based on testimony in that hearing.

Action steps

Fortified noted the U.S. Department of Health and Human Services, its 405(d) Program, and the Health Sector Coordinating Council Cybersecurity Working Groups have published three documents on the current state of cybersecurity in hospitals, government programs, and industry best practices. Fortified was a contributor to those records and recommended three steps for health care offices and systems to prepare:

  • Read the documents and assess where your organization needs to improve security.
  • Plan to prioritize and tackle areas that need attention.
  • Keep leadership in the loop about upcoming changes to minimize strains on the organization.

This article was initially published by our sister publication, Medical Economics®.

Related Videos
Angela Nash, PhD, APRN, CPNP-PC, PMHS | Image credit: UTHealth Houston
Allison Scott, DNP, CPNP-PC, IBCLC
Joanne M. Howard, MSN, MA, RN, CPNP-PC, PMHS & Anne Craig, MSN, RN, CPNP-PC
Juanita Mora, MD
Natasha Hoyte, MPH, CPNP-PC
Lauren Flagg
Venous thromboembolism, Heparin-induced thrombocytopenia, and direct oral anticoagulants | Image credit: Contemporary Pediatrics
Jessica Peck, DNP, APRN, CPNP-PC, CNE, CNL, FAANP, FAAN
Sally Humphrey, DNP, APRN, CPNP-PC | Image Credit: Contemporary Pediatrics
Related Content
Perry Roy, MD | Image Credit: Carolina Attention Specialists

Incorporating objective testing to add value to an ADHD diagnosis

April 25th 2024
Article

Perry Roy, MD, explains how an FDA-cleared objective test can assist in an ADHD diagnosis.

Site Logo

Food Insecurity and the Dangers of Infant Formula Dilution

January 30th 2023
Podcast
FDA approves tovorafenib for most common form of childhood brain tumor | Image Credit: © Calin - © Calin - stock.adobe.com.

FDA approves tovorafenib for most common form of childhood brain tumor

April 24th 2024
Article

This decision from the federal agency marks the first FDA approval of a systemic therapy to treat patients with pediatric LGG with BRAF rearrangements, including fusions.

Demystifying Infant Formula

Demystifying Infant Formula

October 11th 2022
Podcast
Ustekinumab biosimilar approved to treat moderate to severe plaque psoriasis | Image Credit: © Calin - © Calin - stock.adobe.com.

Ustekinumab biosimilar approved to treat moderate to severe plaque psoriasis

April 23rd 2024
Article

The biosimilar to ustekinumab is approved for patients 6 years and up, and is expected to be marketed on or after February 21, 2025.

CRL issued for pz-cel as potential recessive dystrophic epidermolysis bullosa treatment | Image Credit: © Araki Illustrations - © Araki Illustrations - stock.adobe.com.

CRL issued for pz-cel as potential recessive dystrophic epidermolysis bullosa treatment

April 23rd 2024
Article

Abeona's pz-cel is up for indicated use to treat patients with recessive dystrophic epidermolysis bullosa.

© 2024 MJH Life Sciences

All rights reserved.