2024's Healthcare Cybersecurity Breaches Revealed!

As we approach the midpoint of 2024, the healthcare sector continues to be a prime target for ransomware attacks. These breaches not only compromise patient data but also disrupt critical healthcare services, posing significant risks to patient safety and organizational operations. Today, we will delve into the most impactful ransomware breaches in the healthcare industry this year to provide a clear picture of the current cybersecurity landscape.

January to April: A Surge in Attacks

The year began with a notable increase in ransomware attacks, with January alone witnessing 21 significant breaches. The numbers escalated further in February, hitting 34 breaches. In March the trend slowed, with 27 reported incidents. April experienced the highest number so far, with 35 breaches, a 29.63% increase compared to the previous month. This surge suggests that attacks will likely continue to increase, because the industry remains an easy target due to its lack of focus on cybersecurity.

High-Profile Breaches and Their Impact

Several high-profile breaches have marked 2024, each highlighting different gaps within the healthcare ecosystem. In February, the Chicago Children's Hospital was hit by a ransomware attack that compromised phone and EHR systems, leading to significant operational downtime. Change Healthcare, a critical provider of healthcare transaction processing, was targeted in a massive ransomware attack by the BlackCat group, which resulted in significant disruptions and a $22 million ransom payment to prevent the release of sensitive data. The attackers used stolen credentials to access an internet-facing system that lacked MFA. Meanwhile, Ascension, one of the largest healthcare systems in the U.S., also faced a significant ransomware breach in April, causing widespread service disruptions and data exposure. The number of compromised patient records is still unknown.

Federal Government Issues Joint Advisory

The FBI, Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint cybersecurity advisory on Black Basta, a ransomware group that has compromised data across 12 of the 16 critical infrastructure sectors, including healthcare. The advisory outlines the group's tactics, techniques, and procedures, along with indicators of compromise drawn from FBI investigations and third-party reports. Healthcare organizations are urged to apply the recommended mitigations to reduce the risk of attack. For detailed guidance, refer to the joint federal advisory.

Response and Recovery: Lessons Learned

The response to these breaches has varied, offering lessons for the industry. Missing or ineffective incident response plans, the absence of MFA, slow communication, and inadequate backups and disaster recovery plans have been common weaknesses across all of the breaches. The biggest challenge of all is getting healthcare to invest in cybersecurity. Organizations that invest in a combination of leadership, resources, training, and audits are better positioned to reduce the impact of these attacks and recover quickly.

The Road Ahead

As we move forward, it's important for healthcare leaders to prioritize cybersecurity. The White House has proposed minimum cybersecurity requirements for healthcare (this undermines HIPAA, in my opinion). HHS, through OCR, has resumed its dormant HIPAA audit program and is proposing new updates to the HIPAA Security regulations in 2024 in an effort to enforce cybersecurity and protect critical infrastructure!

L Trotter II

As Founder and CEO of Inherent Security, Larry Trotter II is responsible for defining the mission and vision of the company, ensuring execution aligns with the business purpose. Larry has transformed Inherent Security from a consultancy into a cybersecurity company through partnerships and expert acquisitions. Today the company leverages its healthcare and government expertise to accelerate compliance operations for clients.

Larry has provided services for 12 years across private industry, developing security strategies and managing security operations for Fortune 500 companies and healthcare organizations. He is an influential business leader who can demonstrate the value proposition of security and its direct link to customers.

Larry graduated from Old Dominion University with a bachelor’s degree in Business Administration with a focus on IT and Networking. Larry has accumulated certifications such as the CISM, ISO27001 Lead Implementer, GCIA and others. He serves on the Board of Directors for the MIT Enterprise Forum DC and Baltimore.

https://www.inherentsecurity.com