- Los Angeles County Department of Health Services in California has notified 6,085 patients that their PHI was exposed after cyber attack.
- Berry, Dunn, McNeil & Parker Health Analytics Practice Group of Portland, Maine notified 1.1 patients that their PHI was exposed after cyber attack.
- BioPlus Specialty Pharmacy Services, headquartered in Altamonte Springs, Florida, has proposed a $2.6 million settlement to resolve a class action lawsuit that was filed in response to a 2021 data breach that exposed the PHI of up to 350,000 patients
- Designed Receivable Solutions (DRS) of Cypress, CA, notified 498,686 patients that their PHI may have been exposed after cyber attack.
- Bay Oral Surgery & Implant Centers of Wisconsin notified 13,055 patients that their PHI was exposed after cyber attack.
- Santa Rosa Behavioral Healthcare Hospital of California notified an unknown number of patients that their PHI was exposed after cyber attack.
- Ernest Health, headquartered in Mesquite, Texas, notified 101,000 patients across 12 states that their PHI was exposed after cyber attack.
- Dropbox notified an unknown number of users that their info may have been exposed after a databreach impacting customers of Sign the company’s electronic signature service, formerly known as
HelloSign, enables users to send, receive and manage legally binding e-signatures. - Aspire Health Alliance, a state-designated community behavioral health center with facilities in Quincy, Braintree, and Marshfield in Massachusetts, has notified 17,490 patients that their PHI was
exposed after cyberattack. - Northeast Ohio Neighborhood Health (NEON), a company providing healthcare services headquartered in Cleveland, Ohio, notified an unknown number of patients that their PHI was exposed after cyber attack.
- Medstar Health, headquartered in Columbia, Maryland notified 183,079 patients that their PHI was exposed after email phishing attack.
- LivaNova PLC in Houston, Texas notified an unknown number of patients that their PHI was exposed after cyber attack.
- Rubrik Zero Labs Cybersecurity published report:
- 20% of a healthcare organization’s sensitive data holdings are affected by a ransomware encryption event, compared to 6% in other industry sectors
- 20% of healthcare data is encrypted, deleted, or stolen in an attack.
- healthcare organizations hold average of 42 million sensitive data records compared to the global average of 28 million sensitive records
- healthcare organizations saw its data estate grow by 27% YoY
- sensitive data records in healthcare grew by 63% in the past year compared to the global average of 13%
- Black Book Research published report on cybersecurity:
- In 2023, 46 hospital systems fell victim to ransomware attacks
• attacks directly impacted at least 141 hospitals - average cost of healthcare data breaches reached an all-time high in 2023, averaging $11 million, marking a 53% surge since 2020
- 33 out of the 46 attacks on health systems resulted in the theft of sensitive data, including protected health information
- In 2023, there was an astonishing 25,000% surge in the average payment skyrocketing to around $1.5 million
- healthcare IT professionals planning strategic investments exceeding $140 billion by 2025. This surge is driven by the escalating cyberattacks targeting health systems and payers during the first two quarters of 2024.
- security breaches incurred a $7.3 trillion cost for healthcare companies by Q3 2023's end
- breaches in medical practices and physician groups surged by 72% from 2019 to 2022
- hospitals and health systems experiencing a 59% increase over the same period.
- 82% of IT managers reported multiple ransomware hits on their organizations in 2023 alone.
- healthcare data breaches cost an average of $697 per record, marking the highest figure across industries for a decade
- 86% of IT professionals in health plans agreed with the sentiments that data attackers are outpacing their organizations
- In 2023, 46 hospital systems fell victim to ransomware attacks
- BakerHostetler has released the 10th edition of its Data Security Incident Response Report
- Healthcare Vertical was number one target of hackers, accounting for 28% of data breach
incidents- 17% = finance/insurance vertical
- 15% = business and professional services vertical
- 13% = education vertical
- Healthcare Vertical was number one target of hackers, accounting for 28% of data breach
- 23% = unpatched vulnerabilities
- 20% = email phishing
- 51% = network intrusions
- 26% = business email compromise incidents
- 26% = inadvertent disclosures
- 36% = cause could not be determined
- 72% = ransomware
- 57% = data exfiltration
- 46% = malware
- average ransom demand was $2,644,647
- average ransom payment was $747,651
- healthcare with an average demand of $3,492,434
- average ransom payment of $857,933
- average of 13.4 days to acceptable data restoration
- average of 158,362 patient notifications had to be sent
- 27% of attacked companies paid a ransom in 2023
- size of healthcare data breaches jumped almost 200% to 144.5 million patients
Original Post