At the end of 2022, ProcessBolt employed machine learning in conjunction with ThreatScape, an attack surface management tool, to predict 50 companies that were candidates for being breached in 2023. The underlying concept of an attack surface monitoring and management tool like ThreatScape is its capacity to utilize publicly available information as an indicator of the effectiveness of an organization’s information security program, and thereby its vulnerability to cybersecurity threats. By examining the internet-facing attack surfaces of hundreds of thousands of organizations, we were able to identify and predict the top 50 candidates most likely to be targeted.
Atrium Wake Forest Baptist, one of the 50 candidates flagged due to vulnerabilities identified by ThreatScape, was breached in June 2023. While we won’t disclose the specific indicators that led to Atrium Wake Forest Baptist’s inclusion on the list, to avoid inadvertently creating additional targets, it’s important to acknowledge the growing cyber threat facing healthcare organizations.
Healthcare organizations experienced 1,426 attacks per week in 2022, up 60% compared to 2021. On top of this, the average cost of a breach in healthcare continues to increase. The cost of a healthcare data breach is averaging nearly $11 million, up 53% since 2020.
The increase in the cost of healthcare breaches is driven in part by the fact that it is becoming increasingly common for class action lawsuits to be filed against health systems in response to data breaches. In July 2023, a class action lawsuit was filed against Johns Hopkins Health System in response to the MOVEit breach, alleging that the health system did not implement safeguards to protect the Personally Identifiable Information (PII) of affected patients. The lawsuit claims that the health system broke its implied covenant of good faith by failing to maintain adequate security protocols.
This increase in breaches is due in part to the valuable and highly sensitive nature of the PII that healthcare organizations manage. These organizations store an abundance of comprehensive medical records, insurance details, and personal data, making them a treasure trove for cybercriminals. The information contained in these records – from social security numbers to medical histories – can be exploited for a variety of malicious activities, such as identity theft, fraudulent insurance claims, or even extortion. Moreover, the real-time nature of healthcare operations means that any disruption to systems, such as those caused by ransomware attacks, can have life-threatening implications. This adds a layer of pressure on these organizations to meet attackers’ demands swiftly. Consequently, the richness of data combined with the high-stakes environment makes healthcare organizations especially attractive targets for cybercriminals.
Get your Free ThreatScape Report Today!
ProcessBolt’s ThreatScape can help you protect against gaps in your company’s and your vendors’ digital ecosystem by identifying and monitoring internet-facing assets in real-time. Don’t let your organization fall prey to cyber threats. Get your free ThreatScape report today and discover how ProcessBolt can help manage your third-party risk effectively.