Ransomware attacks were often headline news in 2021, especially when healthcare providers were attacked. In many cases, the attacks forced hospitals to postpone appointments and procedures out of safety concerns, causing delays to the provision of treatment. According to the recently published Verizon 2022 Data Breach Investigations Report, across all industry sectors, ransomware attacks increased by 13% compared to the previous year – which is a greater increase than was observed in the past five years combined. In 2021, ransomware attacks accounted for 25% of all data breaches and 70% of malware-related breaches.
“The past year has been extraordinary in a number of ways, but it was certainly memorable with regard to the murky world of cybercrime,” explained Verizon in the report. “From very well publicized critical infrastructure attacks to massive supply chain breaches, the financially motivated criminals and nefarious nation-state actors have rarely, if ever, come out swinging the way they did over the last 12 months.”
The report was based on an analysis of 23,896 security incidents, which included 5,212 confirmed data breaches. 849 security incidents affected the healthcare industry, resulting in 571 confirmed data breaches – 99 more than the previous year.
2021 saw a major increase in supply chain attacks, which accounted for 65% of all system intrusions. Supply chain attacks have increased, but they are typically conducted by state-sponsored hackers for espionage purposes and data theft and are not financially motivated like ransomware attacks. Overall, and in the healthcare sector, the majority of cyberattacks were financially motivated. 95% of threat actors that targeted the healthcare industry were financially motivated, with 4% seeking access for espionage.
The report highlights patterns in data breaches by industry sector, with attacks on the healthcare industry seeing increases in system intrusions and basic web application attacks, with miscellaneous errors and privilege misuse declining. The healthcare industry is somewhat atypical as historically large numbers of data breaches were caused by insiders. In 2021, cyberattacks by external actors outnumbered insider breaches by around 4 to 1, with insider breaches accounting for 18% of data breaches across all industry sectors and 39% in healthcare.
The data analysis found that while malicious insiders are still causing data breaches, healthcare employees are 2.5 times more likely to make an error that results in a data breach than they are to maliciously misuse their access to sensitive data. The most common errors were misdelivery and loss, with little difference between the two. Personal data was compromised in 58% of breaches, medical data in 46% of breaches, and credentials in 29% of breaches. Basic web application attacks, miscellaneous errors, and system intrusions accounted for 76% of all healthcare data breaches.
Across all industry sectors, the human element was involved in 82% of data breaches, with a quarter of all breaches the result of social engineering. Employees are targeted as they are an easy entry point into networks, but errors such as misconfiguration of cloud services were also common and open the door to hackers. The high number of breaches involving employees highlights the importance of improving training, not just teaching employees how to recognize phishing emails, but also security best practices to try to reduce these errors and change employee behavior.