Fortified Health Security, Healthcare’s Cybersecurity Partner released the 2021 Horizon Report, which details findings that illustrate how, as healthcare organizations continue to respond to the pandemic, cybercriminals have continued to persist in their attacks on providers, health plans and business associates – compromising sensitive patient data while impacting the delivery of care to patients.
The report leverages a comprehensive cross-section of information, expertise and statistical analysis to highlight industry-wide trends, insights, and predictions. Horizon Reports have been published by Fortified Health Security since 2017 and are designed to help healthcare stakeholders navigate the exceedingly complex cybersecurity landscape by sharing best practices and actionable guidance.
Significant findings from the 2021 Horizon Report include:
- More than 500 healthcare organizations have reported a breach of 500+ patient records to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) through the first 10 months of this year.
- Providers continue to be the most targeted sector, accounting for 79% of all reported breaches. Slightly more than 400 providers have been breached thus far this year, affecting just under 13.5 million patients.
- Attacks on network servers are on the rise, increasing from 23% of all attacks in January to October of 2019 to 35% in the same period in 2020.
- Despite the attention given to ransomware attacks, at 38%, email remains the most common attack vector used by those seeking to steal patient data. Phishing campaigns have proven so successful that they not only continue but grow more sophisticated and targeted.
“COVID-19 has defined 2020 for hospitals and health systems that scrambled to meet an early spring surge in most areas and are dealing with still higher caseloads as the year comes to an end,” said Dan L. Dodson, CEO of Fortified Health Security. “The threat of ransomware continues, and, given the COVID-19 pandemic, the potential impact to care delivery has never been higher. For this reason, our 2021 Horizon Report underscores the importance of getting back to security fundamentals as organizations face the undoubtedly turbulent year ahead – including evaluating security infrastructures, response plans, staffing models and potential gaps – to minimize cybersecurity risk and protect patients in the most cost-effective way.”
While the global pandemic dominated news headlines throughout 2020, healthcare organizations specifically faced four market forces, which will reverberate for years across hospitals and health systems. According to the report:
- Cyberattacks on healthcare facilities did not abate during the pandemic. IT staff also had to deal with an explosion of telehealth services and moving non-clinical employees to work-at-home environments, increasing the attack surface and creating the need for more complex incident response plans.
- The time has finally arrived for healthcare IT departments and cybersecurity teams to fully understand and better design their technology spend, rather than using technical point solutions that overlap with other products or create security gaps.
- The pandemic has forced IT and cybersecurity leaders to assess the state of their human capital, recognizing that not all cybersecurity employees need to report to the office and to explore the idea of outsourcing cybersecurity monitoring and other cybersecurity functions.
- Enabling work-from-home brought new threats and technology challenges to healthcare organizations and increased the attack surface, underlining the importance of real-time network monitoring and staff training against phishing attacks.
Earlier this year, Fortified Health Security released the 2020 Mid-Year Horizon Report – detailing findings that illustrate how the COVID-19 pandemic has created a sudden demand for solutions like remote work and telehealth and how meeting these demands has created an increased cybersecurity risk for the present and future state of the healthcare industry.
Fortified Health Security’s 2021 Horizon Report builds on that guidance, while predicting the short-term future of cybersecurity in healthcare. The full report is available for download here.