December 6, 2021

Volume XI, Number 340

Advertisement
Advertisement

December 06, 2021

Subscribe to Latest Legal News and Analysis

Cyber Criminals Focusing on Clinics + Business Associates

As hospital systems become more hardened to cyber-attacks, cyber criminals are focusing their efforts on smaller providers, such as outpatient clinics, specialty clinics and business associates, according to a report by Critical Insight.

The report states that “Data on cyber-attacks from the first half of 2021 shows criminals are changing targets within the healthcare ecosystem, with breaches increasing for outpatient facilities and business associates. The data also shows some long-term trends continuing, with overall attacks on an upward trend.”

Analyzing data on the Department of Health and Human Services’s breach reporting website, the report states that “more than 70% of the breaches reported during the first six months of 2021 were classified as a ‘hacking/IT incident….Outpatient facilities, including family medicine and specialty clinics, were a common source of data breaches, and business associates were heavily targeted as well.”

Key findings of the report show:

  • Breaches up nearly 2x since 2018 and on an increasing trajectory;

  • Increase in breaches attributed to hacking/IT incidents, with the number of hacking/IT incidents up over 3x since 2018 and on an increasing trajectory;

  • Business Associates now account for 43 percent of all health care breaches, the continuation of a three-year upward trend; and

  • Outpatient facilities and specialty clinics were breached nearly as much as hospitals in H1 2021.

The message is clear that threat actors are shifting their targets to smaller entities that may not have sophisticated security measures in place to defend themselves against attacks and these attacks have been successful. The trend is alarming and worthy of attention for smaller healthcare entities and business associates.

Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XI, Number 280
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement
Advertisement