Verizon DBIR: Healthcare Cyberattacks Increase, Insider Threats Remain

The Verizon Data Breach Investigations Report (DBIR) showed an uptick in basic web application attacks and system intrusions in healthcare as cyberattacks increase across all industries.

By Jill McKeon

The Verizon Business 2022 Data Breach Investigations Report (DBIR) showed an increase in cyberattacks across all sectors, and healthcare was no exception. Accounting for all analyzed sectors, Verizon observed a troubling 13 percent increase in ransomware year-over-year, signifying an increase greater than the past five years combined.

Researchers analyzed a total of 23,896 security incidents, 849 of which occurred in the healthcare sector. Of the observed cyber incidents in healthcare, 571 resulted in confirmed data disclosure. In last year’s report, researchers observed 655 healthcare incidents, with 472 resulting in confirmed data disclosures.

Verizon defined an “incident” as a security event that compromises the integrity, availability, or confidentiality of information, while a “breach” is defined as an incident that results in confirmed disclosure of data to an unauthorized party.

Although healthcare is notorious for the prominence of insider threats, external threats accounted for 61 percent of threat actors, a percentage that did not budge even one percentage point compared to last year’s report.

“While the make-up of the insider breach has moved from being largely malicious misuse incidents to the more benign (but no less reportable) Miscellaneous Errors, we have always been able to rely on this industry to tell the insider threat story,” the 2022 report noted.

“With the rise of the Basic Web Application Attacks pattern in this vertical, those inside actors no longer hold sway.”

The top three patterns remained the same, but the order changed. Basic web application attacks overtook miscellaneous errors in causes of breaches in the healthcare sector. In fact, basic web application attacks, miscellaneous errors, and system intrusions represented 76 percent of all healthcare breaches.

The report emphasized that this shift does not mean that insider threats are no longer significant, even as external threats become more prominent. Employees are still causing breaches, but they are 2.5 times more likely to make an honest error via misdelivery or loss than to maliciously misuse their access privileges, Verizon stated.

A quarter of the total breaches observed in the report (accounting for all sectors) were the result of social engineering attacks. After factoring in human errors and privilege misuse, the human element accounted for 82 percent of analyzed breaches in 2021. 

Still, the rise in basic web application attacks shows that external actors are getting stronger and more successful in healthcare and beyond.

“It wasn’t until 2019 that we started to see the rise of Basic Web Application Attacks, and they have clearly become a serious problem for everyone, not just this industry,” the report explained.

“Healthcare has increasingly become a target of run-of-the-mill hacking attacks and the more impactful ransomware campaigns.”

Consistent with larger ransomware trends, 95 percent of threat actors in healthcare were financially motivated, compared to 4 percent motivated by espionage and 1 percent each by convenience and grudge.

“Over the past few years, the pandemic has exposed a number of critical issues that businesses have been forced to navigate in real-time. But nowhere is the need to adapt more compelling than in the world of cybersecurity,” Hans Vestberg, CEO and Chairman at Verizon, explained in an accompanying press release.

“As we continue to accelerate toward an increasingly digitized world, effective technological solutions, strong security frameworks, and an increased focus on education will all play their part in ensuring that businesses remain secure, and customers protected.”