Cyber breaches, especially in the health care industry, continue to plague companies of all sizes.  Chilivis Grubman attorneys routinely discuss cyber-related developments.  In May 2022, CG attorneys discussed the ARcare data breach that potentially affected over 345,000 individuals. In June 2022, CG attorneys discussed 50 facilities and 2 million individuals potentially affected by a cyberattack on a single company.  

The data regarding the prevalence of cyber incidents is striking.  Fortified Health Security, a cybersecurity company dedicated to helping medical providers, payers, and business associates with cybersecurity, recently released its 2022 mid-year Horizon Report.  Fortified has been publishing its Horizon Reports since 2017 to help stakeholders navigate the complex landscape of cybersecurity.  

Fortified’s newest Horizon Report offers surprising and not-so-surprising data points related to cybersecurity.  First, there was a slight reduction in the number of breaches affecting 500 or more records in the first half of 2022 (357 breaches) compared to the number of breaches (368) in 2021.  However, healthcare providers should not take a victory lap.  The number of breaches affecting 500 or more records in 2022 is over 300% higher than in 2012, which saw just 111 breaches.  And the number of breaches in the first half of 2022 is the second highest number of breaches since 2010.  Also, healthcare providers account for 72% of the breaches, followed by business associates and health plans which made up 16% and 12% of the breaches, respectively. Breaches affecting business associates increased in 2021. Overall, over 19.9 million records have been affected so far in 2022.  Despite these striking numbers, according to a survey by Fortified, 54% of Chief Information Security Officers believe that the C-suite is not investing enough in cybersecurity. With 80% of the breaches arising from Hacking/IT incidents (a 7% increase from 2021), Fortified warned that “[t]he continued prevalence of healthcare cyberattacks should serve as a wakeup call for all healthcare leaders to assess their current security postures and take action to decrease risk and increase visibility and capability.”

Fortified also provided valuable tips for any person or entity concerned about cybersecurity.  According to Fortified, leaders should consider: (1) the resilience of their organization’s cybersecurity to defend against attacks; (2) any changes in their work environment and whether their cybersecurity program adapted to those changes; (3) how staffing affects an organization’s ability to monitor, detect, and protect critical assets; and (4) where the cybersecurity program ranks amount C-suite priorities.  In addition to these considerations, Fortified also provided general tactics that organizations can utilize in strengthening their cybersecurity program.

Organizations must take cybersecurity seriously, as the ramifications of an incident can be detrimental and have a widespread impact on an organization’s resources, operations, and consumer trust.  As Fortified noted, “[a]dopting a proactive security approach with a comprehensive monitoring and detection capability will serve as the first line of defense…”

The attorneys at Chilivis Grubman represent clients of all sizes in connection with data breaches and cybersecurity matters, including regulatory obligations and litigation arising therefrom.  If you need assistance with such a matter, please contact us today.