A new report shows the total number of individuals impacted by data breaches at health plan organizations increased by more than 1,000 percent in the first five months of 2018.
Fortified Health Security’s 2018 Mid-Year Horizon Report highlights the growing number of cybersecurity attacks in the form of phishing campaigns, ransomware attacks and breaches initiated through email.
Health plans reported 24 breaches that affected 884,360 individuals in the first five months of the year, up from 15 breaches affecting 70,166 individuals during the same period last year, reports Health IT Security.
Business associates also saw a significant spike, reporting 12 breaches affecting 100,602 in the first five months of 2018, up from seven breaches affecting 71,462 individuals during the same period last year.
While the surge in health plan data breaches is significant, healthcare providers still make up the biggest share of healthcare data breaches, accounting for three-quarters of all reported breaches and 65 percent of individuals affected.
Overall, in the first five months of 2018, 149 reported breaches affecting over 2.8 million individuals, compared to 134 breaches affecting 2.0 million individuals during the same period in 2017.
Email attacks accounted for almost 28 percent of all reported breaches in 2018, up from three percent last year, according to the report.
“While we have made progress in some areas and continue to invest in cybersecurity as an industry, most healthcare organizations are not allocating enough capital to keep up with the momentum of our adversaries,” said Fortified Health Security President Dan L. Dodson. “It’s important to remember that training and awareness should be the cornerstones of any solid cybersecurity program as having the right people in place continues to be our biggest challenge.”
The report further discusses the human capital struggle experienced by many healthcare organizations, advising providers to deploy a comprehensive cybersecurity risk program, according to Markets Insider.
The report also explains how protecting connected medical devices continues to be a concern for healthcare providers and device manufacturers.
“While the FDA’s plan is well-intended and addresses certain aspects of the risks associated with connected medical devices, there are several gaps that still need to be addressed,” said Dodson, referring to the FDA’s recently released Medical Device Safety Action Plan. “Also, until the FDA, HHS and by default the OCR, get on the same page and force manufacturers to take security seriously, and hold them accountable, the industry will continue to struggle, and the risk of catastrophic failure will increase.”