The health care sector has become the choice target of cyber criminals, according to a new report and other sources.
On the heels of recent major cyberattacks on health care entities including a breach of one of the nation's largest health care systems, Ascension; UnitedHealth's payout of $22M to ransomware; and a cyberattack against UnitedHealth Group's subsidiary Optum, Change Healthcare, comes data on how focused cyber criminals are on the health care industry.
Cyberattacks in the health care vertical increased 136%, according to a new report from SOAX, a data collection services company.
The report was compiled using data from the Identity Theft Resource Center's monitoring of data violation incidents.
From 2022 to 2023, the health care sector saw a jump in data violations from 343 to 809 incidents – a 136 percent increase. Fifty-six million victims in health care were affected, according to the report.
The SOAX report also listed other sectors it found most prone to cyberattacks. The second most vulnerable is the financial services industry, with a 177 percent increase in cyber incidents from 2022 to 2023.
Here is the full list of the top-most vulnerable industries according to SOAX's data:
Data violation cases due to cyberattacks in the US, from 2020 – 2023, by industry:
Why Health Care Is So Vulnerable
Several security agencies have been sounding the alarm about health care's vulnerability to cyberattacks and why the sector is a target for threat actors.
"Cybersecurity threats to healthcare organizations and patient safety are real. Health information technology provides critical life-saving functions and consists of connected, networked systems that leverages wireless technologies, which in turn leave such systems more vulnerable to cyber-attacks," according to a statement from the U.S. Cybersecurity and Infrastructure Security Agency.
The U.S. Department of Health and Human Services also issued a warning: "The healthcare sector is particularly vulnerable to cybersecurity risks and the stakes for patient care and safety are particularly high. Healthcare facilities are attractive targets for cyber criminals in light of their size, technological dependence, sensitive data, and unique vulnerability to disruptions. And cyber incidents in healthcare are on the rise."
"The study has identified a concerningly sharp rise in cyber incidents across all US industries in 2023, which is particularly alarming, especially within the healthcare and financial services industries. These sectors store vast amounts of sensitive information, making them lucrative targets for cybercriminals," Stepan Solovev, CEO & Co-founder at SOAX, said in a news release.
