• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

New Healthcare H2 2022 Data: Reported Breaches Trend Down, But Individuals Affected Skyrocket by 35% to Nearly 29M

by Syed Hamza Sohail 02/24/2023 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

What You Should Know:

– Critical Insight, the Cybersecurity-as-a-Service provider specializing in helping critical organizations Prepare, Detect, and Respond in today’s threat environment releases its H2 2022 Healthcare Data Breach Report, which analyzes ​​breach data reported to the U.S. Department of Health and Human Services by healthcare organizations.

– The number of data breaches affecting healthcare providers declined in the second half of 2022, consistent with a downward trend over the past two years, but a deeper dive into the data reveals that current breach totals are still higher than pre-pandemic levels; breaches are affecting more individuals; and hackers are shifting tactics to attack weak links in the healthcare system supply chain, most notably attacking EHR systems.

Key Findings From the Healthcare Data Breach in 2H 2022

The report shows that while the number of data breaches affecting healthcare providers declined in the second half of 2022, the number of individual records exposed by these breaches increased by 35%. The report also highlights the evolving tactics of hackers and the need for healthcare organizations to prioritize preparation, detection, and incident response.

Key Findings: 

● Breach numbers are down: Total breaches dropped 9% between the first six months of 2022 and the year’s second half, declining since a high-water mark at the height of the pandemic from 393 breaches in the second half of 2020 to 313 in the latest reporting period.

● Records affected are up: The number of individual records exposed by breaches skyrocketed by 35% in the second half of 2022 to hit 28 million. In other words, fewer but more significant breaches reflect consolidation within the industry and the evolving tactics of attackers.

● Hacking remains high: Most data breaches are due to hacking. Healthcare organizations have done an excellent job of shoring up their policies around handling and storing medical records. Hacking accounted for 79% of all incidents and 84% of individual records exposed in 2022.

● Most common breach causes: Unauthorized access/disclosure now affects more records per breach than any other breach type. On average, the number of individuals affected per unauthorized access/disclosure breach spiked from 5,700 in the first half of 2022 to over 143,000 in the second half. By comparison, the average number of individuals affected per hacking breach grew from 73,900 to 87,000 in 2022.

● Who’s getting breached?: Attackers continue to attack hospitals but have found increasing success targeting business associates and third-party vendors such as electronic medical record providers, lawyers, accountants, billing companies, and medical device manufacturers. In the second half of 2022, more records were exposed due to breaches at business associates (48%) than actual healthcare providers (47%). 

● What we’re watching: Attacks against EMR systems which were non-existent in past years, spiked to 7% in the first half of 2022 and 4% in the second half of 2022. For the full year 2022, EMR-related breaches accounted for 6 million individual records exposed.

“As the healthcare industry continues to face a rapidly evolving threat landscape, it’s crucial for organizations to stay ahead of the curve and stay prepared,” said John Delano, Healthcare Cybersecurity Strategist at Critical Insight and Vice President at CHRISTUS Health. “Our latest H2 2022 Healthcare Breach Report highlights the shifting tactics of attackers, who are now targeting smaller entities with weaker cyber defenses. Organizations must stay vigilant and proactively defend against these threats to protect patient data and maintain the trust of their patients and the public.”

This report provides valuable insights into the current state of healthcare breaches and the need for organizations to implement a comprehensive security strategy, including risk assessments, third-party risk management, and incident response planning.

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: CHRISTUS Health, Cybersecurity, Department of Health and Human Services, electronic medical record, EMR, Health and Human Services, Healthcare Data, Healthcare Data Breach, HIT, Medical Device, medical records, risk

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

2025 EMR Software Pricing Guide

2025 EMR Software Pricing Guide

Featured Interview

Paradigm Shift in Diabetes Care with Studio Clinics: Q&A with Reach7 Founder Chun Yong

Most-Read

Medtronic to Separate Diabetes Business into New Standalone Company

Medtronic to Separate Diabetes Business into New Standalone Company

White House, IBM Partner to Fight COVID-19 Using Supercomputers

HHS Sets Pricing Targets for Trump’s EO on Most-Favored-Nation Drug Pricing

23andMe to Mine Genetic Data for Drug Discovery

Regeneron to Acquire Key 23andMe Assets for $256M, Pledges Continuity of Consumer Genome Services

CureIS Healthcare Sues Epic: Alleges Anti-Competitive Practices & Trade Secret Theft

The Evolving Role of Physician Advisors: Bridging the Gap Between Clinicians and Administrators

The Evolving Physician Advisor: From UM to Value-Based Care & AI

UnitedHealth Group Names Stephen Hemsley CEO as Andrew Witty Steps Down

UnitedHealth CEO Andrew Witty Steps Down, Stephen Hemsley Returns as CEO

Omada Health Files for IPO

Omada Health Files for IPO

Blue Cross Blue Shield of Massachusetts Launches "CloseKnit" Virtual-First Primary Care Option

Blue Cross Blue Shield of Massachusetts Launches “CloseKnit” Virtual-First Primary Care Option

Osteoboost Launches First FDA-Cleared Prescription Wearable Nationwide to Combat Low Bone Density

Osteoboost Launches First FDA-Cleared Prescription Wearable Nationwide to Combat Low Bone Density

2019 MedTech Breakthrough Award Category Winners Announced

MedTech Breakthrough Announces 2025 MedTech Breakthrough Award Winners

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |