Cybersecurity expert explains why data protection is as important as patient care
- More than 45 million patients had their information exposed in the first half of 2024, according to NordLayer’s analysis.
- Healthcare organizations suffered 356 cyberattacks, resulting in data breaches.
- The most significant data breach in 2024 exposed the information of 13.4 million patients.
According to the data analyzed by the NordLayer team, more than 45 million patients had their information exposed in the first half of 2024. During this time, healthcare organizations experienced 356 data breaches. In comparison, in 2023, healthcare institutions suffered 402 incidents, meaning hackers almost doubled their efforts this year.
The healthcare sector has become one of the industries most targeted by cybercriminals. The sensitive data stored in healthcare institutions is valuable to hackers, as it can include details such as your social security number, name, home address, and health history. Cybercriminals can use this information to create believable phishing emails or sell it online for identity theft.
“The sensitive nature of medical records makes them desirable targets for criminals, thus demanding the strongest security standards,” says head of product at NordLayer, Andrius Buinovskis. “Patients deserve to know their personal information is safe, and providers must ensure that confidence. Healthcare has to view data protection as being just as critical as patient care.”
Most significant data breaches
Health organizations must report any health data breach that affects 500 or more people to the Office for Civil Rights at the Department of Health and Human Services, which makes the breaches public. Several of the biggest medical breaches this year exposed the information of millions of patients.
Kaiser Foundation Health Plan reported an incident in mid-April that affected 13.4 million people. The company determined that certain online technologies, previously installed on its website and mobile applications, may have transmitted personal information to third-party vendors Google, Microsoft Bing, and X (Twitter) when members and patients accessed its websites or mobile applications.
At the start of the year, Concentra, a Texas-based physical and occupational health provider, confirmed that the health information of nearly 4 million patients was compromised in the PJ&A cyberattack. The Nevada-based medical transcription company PJ&A reported a data breach at the end of 2023, which affected almost 9 million patients, bringing the total number of victims to 13 million.
In March 2024, A&A Services, doing business as Sav-Rx, reported a data breach that exposed the personal information of over 2.8 million people in the United States. The company identified an interruption in its computer network, which resulted in the leak of customers’ social security numbers, full names, dates of birth, email addresses, physical addresses, phone numbers, eligibility data, and insurance identification numbers.
Cybersecurity expert explains benefits of HIPAA compliance
The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that establishes standards for handling Protected Health Information (PHI) or its electronic form (ePHI). With most healthcare organizations now storing patient data digitally, ePHI has become the primary form in which this information is archived.
Buinovskis explains that HIPAA’s framework encompasses security measures like access and integrity controls, audit mechanisms, and network security. These rules set standards for protecting sensitive patient data from being disclosed without the patient’s consent, and they ensure that, even if there is a breach, organizations are prepared to respond appropriately.
“Even minor vulnerabilities in data security can significantly damage medical organizations. Non-compliance with HIPAA can result in financial penalties, reputational damage, and loss of patient trust,” says Buinovskis. “Healthcare providers must follow HIPAA’s framework to create an environment where patients feel safe that their data is in good hands.”
ABOUT NORDLAYER
NordLayer provides scalable and seamless network security for businesses of all sizes. We empower distributed teams with secure connections that align with today’s compliance needs. Our solutions fit effortlessly into your existing IT setup and can be deployed in under 10 minutes, saving your IT team up to 600 hours of work and cutting costs by 65% over five years. As cyber threats become more sophisticated, NordLayer utilizes the zero trust network access (ZTNA) framework, offering tailored security plans and layered solutions that simplify network protection and scale with your business. For more information: https://nordlayer.com/