Infoblox is pleased to publish our 2021 Healthcare Cyberthreat Intelligence Report.
Please register to download a copy here:
This report includes analysis of the major healthcare data breaches directly attributed to cyberattacks (“IT/Hacking”) within the US during calendar 2020. We will share our research and insight into cyberattack trends and events that continue to impact the healthcare industry. We feel that timely information on cyberthreats is vital to protect the healthcare user community at large.
The results of this healthcare research are summarized as follows:
- The 416 major data breaches reported in 2020 show a 33.3 percent increase over the 312 major data breaches due to cyberattack activity reported in 2019.
- In 2016–2020 inclusive, the total of healthcare data records stolen was approximately 91.8 million data records, about 27.7 of the entire estimated U.S. population of 331 million as of January 1, 2021.
- During 2020, U.S. healthcare organizations experienced data breaches due to cyberattack activity that impacted 26,424,309 patient records.
- 62 percent of the 100 largest healthcare cyberattacks in 2020 were directly attributable to ransomware per our analysis. Ransomware is by far the most predominant weapon of choice used by cyberattackers in their war on healthcare. Events related to the publicized Blackbaud ransomware breach also impacted healthcare data breach reporting in 2020.
- 13 percent of the 100 largest healthcare cyberattacks in 2020 were directly attributable to phishing.
- 10 percent of the 100 largest healthcare cyberattacks in 2020 resulted from stolen email credentials.
- Ryuk, Bazar Loader, Bazar Backdoor, and Trickbot are threat actor malware tools being actively used against U.S. healthcare institutions in association with ransomware activity.
- Trickbot’s Anchor_dns, a new and dangerous malware tool, is used to send and receive sensitive data from the compromised systems via Domain Name System (DNS) tunneling.
Chart – Major Healthcare Data Breaches 2016–2020 Due to Cyberattacks
The responsible healthcare organization reports major data breaches under the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Breach Notification Rule (CFR 164.400-414), which requires HIPAA covered healthcare entities and business associates to provide notification following a breach of unsecured protected health information (PHI). Our research data documents statistics around breaches we refer to as major. These major breaches are defined in HHS/OCR reporting as attributed to “IT/Hacking” and impacting more than 500 individuals as reported by the covered entity.
Our research team has reviewed a variety of information sources in the preparation of this report. These sources included:
- The accessible databases maintained within the U.S. Department of Health & Human Services Office of Civil Rights (HHS/OCR).
- Information published on the internet by recognized sources, press releases, and announcements provided by the impacted reported organizations.
- Publications of the Food and Drug Administration (FDA) on medical devices.
- Cybersecurity and Infrastructure Security Agency (CISA) advisories on healthcare threats.
- Infoblox threat research and documentation on the domain name system (DNS) security and threat intelligence.
Please follow this link to download the 2021 Healthcare Cyberthreat Intelligence Report:
If there are questions please reach out to us at firstname.lastname@example.org.