Reports on Increasing Healthcare Data Breaches in Q1 of 2024 and Decreasing Ransomware Attacks in 2024

Healthcare Data Breaches Increased by 53% From Q1 of 2024

Data compromises are 90% higher than in Q1 of 2023, as per the Data Breach Report in Q1 2024 published by the Identity Theft Resource Center (ITRC). In Q1 of 2024, 841 data breaches were publicly reported, which is higher than the 442 data breaches in Q1 of 2023. Although data breaches nearly doubled, the number of victims dropped by 72% compared to Q1 of 2023, and by 81% compared to the last quarter. The 841 data breaches affected 24,474,351 individuals.

In Q1 of 2023, the most attacked industry was healthcare; in Q1 of 2024, however, healthcare ranked second with 124 breach notices and over 6 million breached records, behind financial services with 224 breach notices and over 18 million breached records. The number of reported healthcare data breaches is 53% higher than in Q1 of 2023 and 69.9% higher than in Q1 of 2022. Nevertheless, the 6,071,259 victims in Q1 of 2024 are 57.2% fewer than the 14,199,413 victims in Q1 of 2023. Healthcare also holds second place on the top 10 list of breaches in Q1 of 2024: Medical Management Resource Group (American Vision Partners) had 2.35 million breached records, behind LoanDepot with over 16 million breached records. Still, healthcare leads the list with 6 of the 10 biggest data breaches in Q1 of 2024.

There were three times more companies affected by supply chain attacks in Q1 of 2024 than in Q1 of 2024, as 50 new attacks impacted 243 companies and affected the information of 7.5 million people. In Q1 of 2023, supply chain attacks impacted 73 entities and 11.4 million individuals. Cyberattacks were the number one reason for data breaches with 642 cases. Next were phishing/BEC/smishing attacks with 108 cases, and system and human error with 85 cases. It is now more common for breach notifications to omit the cause of the data breach. In Q1 of 2024, 52.2% or 439 data breaches did not report the cause of the incident, compared to 37.6% or 166 data breaches in Q1 of 2023. Over 66% of cyberattack-connected data breaches did not give details regarding the cause of the incident.

The increase in data breaches, especially when PHI is involved, is a real concern, but the number of victims affected, though still high, dropped, which is good. This may be because identity criminals are using more targeted attacks, a tactic that is different from five or ten years ago. Businesses and individuals must use strong passwords and use passkeys whenever possible.

More Cyberattacks But Fewer Ransomware Attacks

According to the latest Keeper Security survey, IT experts and security professionals think cyberattacks have increased as of 2023. The cybersecurity company surveyed 800 IT experts worldwide; 92% stated they believe cyberattacks have gone up in the last year, and 95% stated that cyberattacks are so advanced that they lack readiness to handle emerging threat vectors like fileless attacks (23%), unauthorized cloud control (25%), leveraged 5G networks (29%), deepfakes (30%), and AI-based attacks (35%). 40% of respondents stated that they experienced attacks from both external threat actors and insiders. The types of attacks that have become more frequent include phishing attacks (51%), malware attacks (49%), ransomware attacks (44%), and password attacks (31%). Most IT experts mentioned that phishing and smishing attacks are becoming more difficult to identify because cybercriminals use generative AI.

2023 saw a spike in ransomware attacks, but attacks have dropped in 2024, as per the Israeli cybersecurity organization Cyberint. In 2023, victims of ransomware attacks increased by 55.5% as reported from 5,070 attacks. In Q1 of 2024, there were 1,048 reported attacks, which is 22% fewer than the 1,309 reported attacks in Q4 of 2023.

Cyberint gives some probable reasons for the drop. Law enforcement activity increased, including two operations directed at two active ransomware groups, ALPHV and LockBit, that disrupted their campaigns. The disruption to LockBit operations was notably short, as the group claimed to have recreated its infrastructure within one week of the breakdown. In Q1 of 2024, 210 attacks were attributed to LockBit, demonstrating that the interruption was short-lived. The law enforcement operation in December 2023 took over parts of the infrastructure of the ALPHV group. Although the group stayed active, there were only 51 confirmed attacks in Q1 of 2024, which is fewer than the 109 attacks in Q4 of 2024. The ALPHV group likewise came back immediately, responded by removing limitations for affiliates, and urged attacks on the healthcare industry. The ALPHV group is deactivated now after the attack on Change Healthcare, but it is likely to rebrand and come back.

Cyberint additionally says that the falling number of victims paying ransoms has made ransomware attacks less lucrative, so certain affiliates are turning to other income sources. Information from the ransomware remediation company Coveware indicates that ransom payments dropped in Q4 of 2023, with just 29% of victims opting to pay. Ransom payments likewise fell to an average payment of $568,705 in Q4 of 2023, which is 33% less than the last quarter.

Although certain groups seem to have stopped their operations, a few new groups have surfaced. In Q1 of 2024, Cyberint monitored the appearance of 10 new ransomware groups. One is the RansomHub group, which is seeking to extort Change Healthcare and claims to have stolen data.

Although the decrease in ransomware attacks is good, it is still too early to say if the decrease will continue or if it is only temporary. What is more certain is that, for a while at least, ransomware will likely still be one of the major cyber threats in healthcare.