Third-party attacks expose 12 million health care records

A single breach accounted for 10 million exposed records, report finds

Data Breach overlaying a circuitboard

New analysis from cyber security firm Tenable has found that third-party breaches accounted for over a quarter of the tracked breaches. These breaches accounted for nearly 12 million records exposed in the health care sector.

The firm’s security response team found 237 breaches in the health care sector in 2020. According to Tenable, breaches are set to continue unabated in 2021, with 56 breaches already disclosed through February. 

The research found that in a quarter of cases, breaches occurred due to a separate breach at a third-party organization. This happens when hackers breach a third-party vendor that a health care organization uses, giving attackers access to data the health care provider's stores on the third-party system. Its analysis found that third-party breaches accounted for nearly 12 million exposed records. 

A single breach accounted for over 10 million of these records. “This breach has been linked back to 61 of their healthcare customers, with the number of exposed records expected to increase as more of these impacted customers disclose their numbers,” researchers said.

Of all the health care breaches disclosed between January 2020 and February 2021, 93% of them included confirmed record exposure. Researchers admitted that one obstacle with accurately tracking breaches is that public disclosures can occur days, months, or even years after the event. Even then, the level of detail available may be scant.

Related Resource

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

cost of a data breach report 2020 - whitepaper from IBMDownload now

Of these 293 breaches analyzed, 57.34% of the affected organizations have publicly disclosed how many records the breach exposed. The number of records exposed in this period reached nearly 106 million — 76.45% of these were disclosed in 2020. 

The research found that ransomware was the most prominent cause of health care breaches, accounting for 54.95%. Other leading causes included email compromise/phishing (21.16%), insider threat (7.17%), and unsecured databases (3.75%).

Boris Cipot, senior security engineer at Synopsys, told ITPro that this research shows that resilience is much more than the deployment of mitigation procedures, and it starts with software design. 

“As software is the cornerstone of life today, it is important to apply security during the development process. If not, mitigation techniques will act simply as “band-aids on bullet holes,” Cipot said. 

“It is normal to see cybercriminals focused on exploiting known security holes in commonly used software. It is also normal that phishing campaigns are deployed with the intention of gaining information that can help them to further infiltrate critical infrastructure. It is worrying how these things are considered to be normal.”

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
Biden looks to shore up the electrical grid’s cyber security
Security

Biden looks to shore up the electrical grid’s cyber security

15 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
UK exploring plans to launch its own digital currency
digital currency

UK exploring plans to launch its own digital currency

19 Apr 2021