Dive Brief:
- Cyberattacks are pivoting to target smaller healthcare companies and specialty clinics without the resources to protect themselves, instead of larger health systems that — despite being treasure troves of personal and medical data — generally have more sophisticated security, according to a new report from Critical Insight.
- Cybercriminals hit the jackpot this year with the Eye Care Leaders electronic medical records breach, which exposed more than 2 million records. Other major attacks include those against revenue cycle management vendor Practice Resources, which exposed the data of 940,000 individuals; printing services vendor OneTouchPoint, which exposed the data of 1.1 million individuals; and accounts receivable firm Professional Financial Company, which exposed the data of 1.9 million individuals.
- The overall number of breaches is steadily declining from its peak in the second half of 2020. But the trend of focusing on a systemic technology used across most providers is one the cybersecurity firm expects to continue throughout the remainder of the year, said the report, which analyzes breach data reported to the HHS.
Dive Insight:
The healthcare industry continues to be a top target for cybercriminals, even as total breaches fell from a peak of 393 in the second half of 2020 to 324 in the first half of 2022, according to Critical Insight.
Breaches affected roughly 20 million individuals in the first half of this year — the third consecutive quarter of breach decline, and a 28% drop compared to the same period last year, the report found.
Smaller hospital systems and specialty clinics are rising to the top of those affected by hacking or IT incident breaches. Breaches associated with health plans dropped by 53%, but attacks against business associates jumped 10% and attacks against providers went up 15%.
That shift, from “large hospital systems and payers to smaller entities that truly have a deficit when it comes to cyber defenses, shows a massive change in victims and approach,” John Delano, healthcare cybersecurity strategist at Critical Insight and Vice President at Christus Health, said in a statement on the report.
“As we continue into 2022, we anticipate attackers to continue to focus on these smaller entities for ease of attack, but also for evasion of media attention and escalation with law enforcement,” he said.