Healthcare Data Breaches Hit All Time High | Amazon Sharing Ring Footage Without Consent | Data Breaches Linked To Ransomware Declined

Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group

Healthcare Data Breaches Hit All Time High

First, let’s cast our minds back to 2021. Critical Insights have released a report which shows how healthcare data breaches hit an all-time high in 2021. It is thought that this has affected over 45 million people, up from 34 million in 2020.

This statistic has tripled in just three years, growing from 14 million in 2018 according to the report. It’s important to note that this report only analyses breach data reported to the U.S. Department of Health and Human Services by healthcare organisations, so the true figure could be much higher.

The total number of individuals affected increased 32% over 2020, meaning that more records are exposed per breach each year. John Delano, Healthcare Cyber Security Strategist at Critical Insight and Vice President at Christus Health, said in a statement:

“As we continue into 2022, healthcare organisations need to be on guard not only of their cyber security posture but also of third-party vendors that have access to data and networks. We are seeing more awareness and proactive approaches to cyber security within this sector, but there is still a long way to go.”

The report suggests that with healthcare IT departments continuing to be stretched thin dealing with pandemic-related crises, routine security measures may be falling by the wayside, leading to breaches going undetected for weeks and efforts to validate the security measures undertaken by affiliates and third parties falling short.

It also emphasises that despite these challenges, security teams at healthcare organisations shouldn't be letting their guard down. Attackers are aiming at bigger targets. Exploits, particularly ransomware, are becoming more sophisticated. And cybercriminals are expanding their activities to take advantage of security vulnerabilities across the healthcare supply chain, from business partners to health plans to outpatient facilities.

To shore up their defences, healthcare organisations need to establish a comprehensive risk management program and should classify their business associates by level of risk based on the type of data third parties are able to access, according to the report.

Other steps organisations can take include establishing procedures and processes to vet third parties before granting them access to data, emphasising security in any business agreement with third parties and working with cyber security companies for managed intrusion detection and response services.

The full report can be read below.

Source - Healthcare Data Breaches - Fierce Healthcare

Source - Critical Insight Healthcare Data Breach Report

Amazon Sharing Ring Footage Without Consent

Amazon has admitted that its Ring security cameras have sent recordings to police without the knowledge or consent of the people who own the cameras.

In a letter from Amazon that was sent to US Senator Ed Markey, Amazon said it has handed over private recordings to police eleven times so far in 2022. The company said it was complying with an "emergency request”.

Though the internet giant has a policy that police generally cannot view recordings without the owner's consent, that safeguard can be overridden with court orders and emergency requests – and it was through these emergency requests that Amazon gave the police people's video data, without permission and no indication of a warrant. What constitutes an emergency request is left up to Ring itself, too.

"In each instance, Ring made a good-faith determination that there was an imminent danger of death or serious physical injury to a person requiring disclosure of information without delay.”

The move will raise further concerns over Ring’s cameras, which have been criticized by campaign groups and lawmakers for eroding people’s privacy and making surveillance technology ubiquitous.

In response, Ring says it doesn’t give anyone “unfettered” access to customer data or video but may hand over data without permission in emergency situations where there is imminent danger of death or serious harm to a person.

The full statement by Amazon can be read below.

Source - Amazon Giving Ring Footage - Mashable

Source - Amazon Giving Ring Footage - The Register

Source - Amazon Statement To US Senator

Data Breaches Linked To Ransomware Declined

Finally, let’s look at data from the Identity Theft Resource Centre (ITRC). The data shows, interestingly, that ransomware attacks leading to data breaches fell 20% in the second quarter of 2022 compared with the first quarter and dropped quarter over quarter. The ITRC report notes:

"Security researchers believe that the decline in ransomware attacks is due to a combination of factors, including the ongoing conflict in Ukraine and the collapse of cryptocurrencies favoured by cybercriminals."

However, they were also quick to note that all of these trends – fewer compromises, fewer victims, few ransomware attacks – could be reversed quickly with just a handful of large breaches or a series of smaller ones.

The ITRC report says that phishing remained the number one cause of data compromises in the first half of 2022. Data compromises rose slightly in the second quarter of the year. But the ITRC study also shows that the data indicating a downward trend in breaches and ransomware numbers could be an illusion, masked by the nearly 40% of data breach notices that don't include basic information, such as attack vector or a victim count.

The full report can be read below.

Source - Breaches Linked To Ransomware Declined - Dark Reading

Source - Identity Theft Research Center Report