The tendency of healthcare data breaches continues to grow. As healthcare security violations go on impacting small and big enterprises all over the USA, data breaches related claims spread rapidly. The law office BakerHostetler announced its Annual Data Security Incident Response (DSIR) Report. This report shows the following.
Shortly about the BakerHostetler DSIR Report
In its 8th Annual Data Security Incident Response (DSIR) Report, the BakerHostetler company has studied about 1200 security data incidents from the previous year. These cases have engulfed various spheres. The healthcare field has suffered the biggest damage. 23% of investigated cases have impacted this sphere. The law office mentioned in their report, that 23 cases led to a few legal actions. Although it may appear that it is not that many, more than 58 litigations started because of these 23 cases. So, here are some overall litigation tendencies in the healthcare sphere in 2021, that BakerHostetler has mentioned in the DSIR Report:
The Rise of Ransomware Attacks
Since 2020 the number of ransomware attacks has increased by 10%. This trend doesn’t seem to decline in 2022. It concerns the healthcare sphere in particular. 35% of security cases in the healthcare sector, that BakerHostetler has investigated in 2021, concern ransomware attacks. In 2022 it is already 20%. At the same time, the sum demanded and paid while ransomware attacks have decreased. The amount of money demanded and paid in 2021 is about two-thirds of the sum paid in 2020. In the absolute majority of cases, cyber-villains have restored stolen data after the redemption payment.
The risk of data disclosure has induced victims to pay ransoms even if they could restore data on their own. 33 percent of suffered individuals have paid redemptions even though they could restore a part of stolen data from their reserve copying. While 24 percent of victims have paid buyouts even when they have restored all stolen data on their own. The BakerHostetler law company also noticed the trend of using double and triple extortion tactics among cyber villains. Their purpose was to exert bigger pressure on suffered individuals while demanding a ransom.
The Increase of Business Email Compromise Attacks
Business Email Compromise (BEC) Attacks also considerably increased. It is a kind of threat, where cybercriminals use social engineering and phishing to access corporate email profiles. They use these accounts to make fraudful payments under the guise of the company. Yes, the time of threat detecting to bring stolen money back decreased. In 2021 it was 43%, while in 2020 it was 38% overall. But unfortunately, the number of companies responsible for notifying individuals suffered from the data breaches and regulatory authorities increased. There were 43% of cases if 2020, while in 2021 there were already 60%.
Class Action Proceedings are More Pervasive Nowadays
Today it is more common for companies to encounter class action proceedings after information security cases. Usually, big data security incidents get these proceedings. But now it becomes more and more widespread when class action proceedings for smaller data security cases also lead to judicial actions. BakerHostetler mentions this tendency in its DSIR report.
In 2021, 23 cases of data disclosures led to legal actions compared to 20 in 2020. 11 claims concerned data incidents of about 700K individuals. 3 complaints about cases of about 8K of suffered individuals were submitted. As for the healthcare organizations, BakerHostetler notices in its report, that more than 58 legal actions about 23 cases were submitted. 43 of them were filed because of the data security violations, done by healthcare organizations.
The HHS Office for Civil Rights (OCR) Asks for Recognized Security Practice Evidences
Healthcare organizations suffered a record-breaking amount of data breaches in 2021. More than 700 suffered individuals filed complaints to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) last year. While in 2020 the quantity of complaints is estimated to be more than 660. Also, the Department of Justice received more data breaches reports for further investigation of possible violations in 2021, than in any previous year.
Check our news portal to always stay informed!
