Fortified Health Security released the 2022 Horizon Report. The report reveals how, as the industry continues to recover from a tumultuous 2020, cybercriminals continued to relentlessly target and attack providers, health plans and their business associates. The report goes on to explore how federal and state regulatory agencies along with cyber insurance companies are taking notice of breaches and the increasing number of ransomware attacks in the healthcare industry, adopting comprehensive cybersecurity policies and procedures that increase compliance and mitigation costs.
The report leverages a comprehensive cross-section of information, expertise, and statistical analysis to highlight industry-wide trends, insights, and predictions. Horizon Reports have been published by Fortified Health Security since 2017 and are designed to help healthcare stakeholders navigate the exceedingly complex cybersecurity landscape by sharing best practices and actionable guidance.
Significant findings from the 2022 Horizon Report include:
- In 2021, more than 700 healthcare organizations reported a breach of 500 patient records to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights.
- Healthcare providers remain the overwhelming source of breaches, accounting for 72% of all incidents, while just more than 500 providers reported breaches in 2021 – affecting nearly 28 million patients.
- While ransomware attacks across industries have increased 300% since last year, healthcare organizations still remain the number one target.
“2021 was a year of recovery, reorganization and prioritization for many industries, including healthcare,” said Dan L. Dodson, CEO of Fortified Health Security. “We’ve seen the effect of hacking incidents and breaches on healthcare increase year after year as bad actors and cybercriminals continue to look for the path of least resistance to maliciously access networks, with many now targeting those working from remote locations. In 2022, we expect to see an industry-wide increase in funding of technology and services designed to prevent these types of attacks, along with an increased desire to invest in cybersecurity protection.”
Federal regulatory agencies have long focused on increasing cybersecurity. According to the 2022 Horizon Report, those efforts have ramped up over the previous two years:
- Since January of 2021, Congress has introduced more than 300 bills related in some way to cybersecurity – including the 2021 infrastructure bill with a $1 billion grant fund to encourage state and local government spending on cybersecurity.
- With many ransomware attacks originating from foreign actors who may want to undermine national security and foreign policy objectives, the Treasury Department blocked trades between U.S. entities and a Russian cryptocurrency exchange that the government says derives 40% of its trading volumes from illegal activities.
- The Office of Foreign Assets Control (OFAC), part of the U.S. Department of the Treasury, has adopted new guidelines regarding the payment of ransomware — “just say no.”
Last summer, Fortified Health Security released the 2021 Mid-Year Horizon Report – detailing findings that illustrate how healthcare providers, health plans and business associates were being affected by cybersecurity threats from bad actors in the first half of 2021. In addition, the report discussed what security measures healthcare organizations should implement to combat high-profile threats.
Fortified Health Security’s 2022 Horizon Report builds on that guidance, while aiming to predict the short-term future of cybersecurity in healthcare. The full report is available for download here.