2024’s Major Cybersecurity Breaches in the Healthcare Space

Months to go before the year 2024 ends, however, the healthcare sector has already encountered an alarming number of cyberattacks. With over 280 incidents reported so far, these breaches represent 24% of all cyber events in the United States alone.

High-profile attacks on organizations such as Change Healthcare, Kaiser Permanente, Ascension, OneBlood, and HealthEquity have compromised extensive amounts of protected health information (PHI) and severely disrupted healthcare services.

These incidents underscore the critical need for enhanced cybersecurity measures within the industry. In this article, let’s have a look at the major cybersecurity breaches that crippled the healthcare sector.

Major Cyber Attacks This Year

Change Healthcare

The year began with the most devastating ransomware attack on the USA’s healthcare giant Change Healthcare that led to a complete shutdown of its services. This attack disrupted operations across hospitals, practices, pharmacies, and medical billing companies throughout the United States.

Essential functions such as e-prescribing, claims processing, and patient verifications were halted, causing widespread delays and interruptions in care.

The breach has had a significant impact on healthcare delivery, potentially affecting one-third of Americans. Despite ongoing recovery efforts, many Change Healthcare services remain partially or fully offline, highlighting the long-lasting effects of such a cyberattack on the healthcare system's ability to operate effectively.

HealthEquity

On March 9, 2024, HealthEquity, a leading administrator of health savings accounts (HSAs), suffered a major data breach, which was identified on June 26, 2024.

The breach, traced to an external hacking incident, affected approximately 4.3 million Americans. Compromised data included personal details such as names, addresses, and social security numbers, raising concerns about potential identity theft.

The delay in detecting the breach—nearly three months—highlights the challenges organizations face in identifying and responding to complex cyber-attacks. The incident underscores the need for improved detection mechanisms and quicker response times to protect sensitive information and prevent further damage.

Kaiser Permanente

Next month, on April 12th, Kaiser Permanente disclosed a major data breach involving 13.4 million individuals. Unlike traditional cyberattacks, this breach resulted from tracking code embedded in the insurer’s web pages and mobile app, inadvertently sharing sensitive data with third parties.

This exposure of personal health information, including member names, IP addresses, and search terms, violated HIPAA privacy regulations.

The breach has raised significant concerns about data privacy and compliance with healthcare regulations. Kaiser Permanente has since removed the tracking code, but the incident has prompted discussions about the need for stricter controls and oversight to prevent similar breaches in the future.

Ascension

Just days after data breach on Kaiser, Ascension faced a severe cyberattack that led to extensive operational disruptions across its network of hospitals. The attack caused outages that affected electronic health records (EHR), pharmacy processing, and patient portal access.

The disruption impeded critical healthcare services and access to patient information, impacting both clinicians and patients.

Ascension has been working diligently with cybersecurity experts to restore normal operations and reconnect with partners and vendors. The organization has been providing updates on the recovery process, aiming to resume full service and mitigate the long-term impact of the attack on patient care and hospital operations.

OneBlood

In the first week of August 2024, OneBlood, a non-profit blood donation center serving hospitals across the southeastern United States, reported a ransomware attack that severely disrupted its operations.

The attack has led to an urgent appeal for donations of O-positive and O-negative blood types, as well as platelets, to address a critical shortage.

The ransomware attack has also significantly impacted OneBlood’s ability to function normally. Although the center has not yet confirmed whether any personal information of donors, including test results, blood types, or medical history, has been compromised, the lack of clarity on data exposure has raised concerns among donors and healthcare partners.

In response, OneBlood has alerted its network of over 250 partner hospitals to activate their critical blood shortage protocols. The blood centers, in collaboration with the AABB Disaster Task Force, are working to send additional blood supplies to mitigate the disruption’s impact.

Key Recommendations

The cyber incidents of 2024 highlight the need for robust cybersecurity measures. Common vulnerabilities include weak password protocols, outdated software, and insufficient encryption.

Cybercriminals exploit these weaknesses through various methods, including ransomware, malware, phishing, and denial of service attacks.

To improve protection against cyber threats, independent practices should be implemented:

- Enhanced IT Security: Utilize multi-factor authentication, firewalls, antivirus software, and encryption. Regularly update software and apply patches to address vulnerabilities.

- Staff Training: Foster a culture of cybersecurity awareness with regular training on device security, recognizing phishing attempts, and reporting suspicious activity.

- System Audits: Conduct regular audits to identify security gaps and perform routine updates and hardware maintenance.

- Incident Response Plan: Develop and update an incident response plan detailing steps to identify, contain, and recover from cyber incidents.

The first half of 2024 has demonstrated the urgent need for improved cybersecurity within the healthcare sector.

Proactively implementing robust security measures can significantly reduce the risk of cyberattacks and mitigate their impact, ensuring better protection for patient information and operational stability.