DAILY NEWS CLIP: January 17, 2025

Finding some good news after a bad year for cyberattacks


Modern Healthcare – Friday, January 17, 2025
By Tim Broderick

After the worst year for healthcare data breaches, where the number of reported attacks topped 700 for the fourth-straight year and a record 184 million people had their healthcare data compromised, one would be hard-pressed to find a silver lining.

John Riggi, national adviser for cybersecurity and risk at the American Hospital Association, sees one.

“I have never seen the healthcare sector so engaged in cybersecurity,” he said, “from the [C-suite] level all the way down to operational staff.”

Riggi focuses on breaches involving a hack or information technology incident, which dominate the type of reported intrusions.

He said healthcare companies’ increased engagement with cybersecurity is leading to information being shared with authorities and across the sector in a timely fashion. As severe as the attacks on Change Healthcare and Ascension were, Riggi credits them for their willingness to cooperate with authorities.

“I would say Ascension in particular was very cooperative, which resulted in the issuance of national cyberthreat intelligence very quickly,” he said. He believes that quick action in sharing vital information about the hack helped head off additional attacks.

Such cooperation has not always been the norm, he said. “Far too often we still hear victims say that [their] counsel advised [them] not to cooperate or exchange information with the federal government because there’s a fear of civil or regulatory exposure.”

Companies that are victims of attacks have protections under the federal Cyber Security Sharing Act, Riggi said, which means they can work with agencies and share vital information without fear of legal or regulatory liability.

Threat to third parties

Even though healthcare providers were targeted far more often than business associates, the latter provided a bounty for hackers, according to a Modern Healthcare analysis of 2024 healthcare data breaches reported as of Jan. 14.

Of the individuals affected in 2024, 66% were affected by a breach of a business associate versus 24% by a breach of a provider, an increase over 2023, when 60% were due to business associate breaches.

While emphasizing that Change Healthcare was a victim, Riggi said the company is an unfortunate poster child for insecure third-party companies.

“Holding so much data and being so critical to the functioning of the entire healthcare sector, we believe they had special responsibility to secure that vast majority of the healthcare data they held,” he said.

Ransomware an increasing concern

Data available from the Health and Human Services Department’s Office for Civil Rights does not break out which breaches also involve ransomware. According to the FBI, this type of attack may not always involve data being stolen. Malicious software could simply lock access to a company’s data until a ransom is paid.

An analysis for Modern Healthcare by Black Kite, a Boston-based cyber third-party risk management company, estimates 23% of healthcare breaches in 2024 were ransomware attacks. That’s up from about 11% in 2023.

Riggi believes the percentage could be higher. “We do estimate that about a third of these reported hacks were actually ransomware attacks that were accompanied by data theft.”

He characterized such hacks as threat-to-life crimes, citing a ransomware attack on the University Medical Center Health System in Lubbock, Texas, last year. For several days, the attack forced the diversion of ambulances from the hospital, including the only Level-1 trauma center in the area.

Riggi doesn’t shy away from pointing out who he believes is responsible.

“The root of this problem is foreign bad guys, primarily based in Russia, China, North Korea and Iran, who are stealing our data,” he said.

Ferhat Dikbiyik, chief research and intelligence officer at Black Kite, predicts more such attacks this year.

“Ransomware in 2025 will be faster, bolder and more ruthless. Healthcare remains a bullseye, with new ransomware groups exploiting ethical and operational vulnerabilities.”
