Impactful cybersecurity lessons to learn from healthcare data infringement instances of 2021

More than 22 million lives were affected by the healthcare data infringements that took place throughout 2021. Perhaps 2021 was the year to see some biggest cyberattack instances in the field of healthcare. This has served as an impactful lesson to the entire healthcare industry prompting them to raise standards of cybersecurity measures. Healthcare cyberattack is one of the most common cyberattack categories as it holds highly revenue drawing data. Healthcare data contains expensive and sensitive information that is immensely preferred by perpetrators. Moreover, most healthcare cyberattack instances in 2021 are caused by vendors or in the supply chain operations.

Accellion Data Breach

The biggest mistake identified in the case of Accellion is not concealing the known gaps of cybersecurity, which had cost them 100 healthcare companies. Clop ransomware group successfully victimized Accellion to launch healthcare data infringement upon some largest healthcare organizations attached to Accellion which include Krogers, California Health and Wellness, and Trinity Health, some of the biggest healthcare names in the industry.

Florida Healthy Kids Blunder

Way before the central incident occurred, healthcare data infringement was taking place. The vendor who served the healthcare company revealed it is due to some unpatched vulnerabilities which were tampered with by unauthorized intruders. Almost 3.5 million lives were affected by endangering social security numbers, financial information, dates, and family details.

20/20 Eye Care Network Crisis

The company in May found a large bulk of data was missing. Further investigation revealed that they fell victim to healthcare data infringement. Although it was not clear what healthcare data were accessed, they could just figure out that all the information was deleted. They took cloud services from Amazon Web Services. The cybersecurity cell realized health insurance details, member ID numbers, and multiple details were downloaded, however still unclear about the exact breach.

CaptureRx Cyberattack

The company is an associate to HIPAA, by facing a ransomware attack they lost contacts with healthcare clients. The allegedly stolen data included multiple pieces of information involving millions of patients. Later the report was registered to HHS after the conclusion of the investigation concerning the healthcare data infringement.

Forefront Dermatology Oversight

The company had realized the healthcare data infringement long after it happened, at least this is what appeared. While the cyberattack started to surface on May 28, it came to the mainstream on June 4. As shared by SC Media, a screenshot brought this to the public eye of how Cuba Hacking Group posted the captured data from the company. The obtained details included clinical treatment information, patient record, insurance information, and other such particulars.

DNA Diagnostic Data Burglary

Healthcare data infringement that occurred in DNA Diagnostics was connected to a national genetics testing system initiated by the company in 2012. Although it was hardly in operation it suffered massive archived database robbery. Only a few data were extracted from the network by the attacker and removed amongst the 2.1 million that were endangered. However, it was recovered later.

Eskenazi Health Example

The ransomware attack that took place in the company’s healthcare database, however, was inevitable but the response issued by the company was commendable. Immediate actions were taken by implementing an e-downtime procedure which saved the rest of the data from being in danger. Moreover, with each step, they kept their stakeholders aware as to what was being done. Ahead of the media circulating the news, stakeholders were aware. This helped them gain additional trust from the clients.

St. Joseph/Candler Health System

As an attempt to prevent a ransomware attack, the healthcare company performed an EHR downtime procedure, which hindered patients from accessing their data for medical concerns for more than a week. The patients filed a lawsuit against the company for the trouble it caused. However, everything happened to the response of a healthcare data infringement, which was uncontrollably catastrophic either.

UMC of Southern Nevada

After a ransomware attack by REvil, the cybercriminals engaged in this deed leaked the captured healthcare data by escaping the entire cybersecurity setup.

This had happened in early June and as claimed by the company was caught within 24 hours.

PracticeFirst Medical Management Solution

The medical management vendor serves healthcare providers with services like data processing, billing, coding and etc. A malware attack was reported in the company affecting 1.2 million lives which took the company six long months to disclose to the patients.  Both employee and patient data were accessed, extracted, and destroyed.