Nearly 106 million healthcare records have been exposed over the past 14 months owing to cybersecurity incidents, according to research by cybersecurity firm Tenable.

An analysis by Tenable’s Security Response Team (SRT) revealed 237 breaches in the healthcare sector in 2020. The incidents continued into 2021, with 56 breaches already disclosed by the end of February 2021, it said.

Of the 293 breaches analysed that have known to have exposed records in the 14-month period, 57.34 per cent publicly disclosed how many records were exposed. 102,907,137 healthcare records were exposed in 2020, with 2,864,677 disclosed so far this year (January and February).

One of the most prominent causes of healthcare breaches is ransomware. It accounted for 54.95 per cent of attacks.

The top ransomware used was Ryuk, accounting for 8.64 per cent of ransomware-related breaches. It was followed by Maze (6.17 per cent), Conti (3.7 per cent) and REvil/Sondinokibi (3.09 per cent), as per the report.

Third-party breaches

Furthermore, third-party breaches accounted for over a quarter of the breaches tracked and nearly 12 million exposed records. Apart from this, other causes for breaches included email compromise/phishing (21.16 per cent), insider threat (7.17 per cent) and unsecured databases (3.75 per cent).

Telehealth solutions surfaced as a prominent risk area over the last year in terms of cybersecurity amid the Covid-19 pandemic.

Covid, a wake-up call for cyber security

“While it may be the much-needed answer to getting medical care to those in need, beyond the limitations of social distancing norms, telehealth solutions considerably expand the surface area for attacks,” Tenable said.

“As the pandemic continues to place unprecedented strain on global healthcare infrastructure, attackers are finding what was already an attractive target even more enticing. Technology dependent services such as telehealth, Covid-19 contact tracing app, and a rush to develop and distribute vaccines have greatly expanded the attack surface. With no signs of cyberattacks slowing down in 2021, healthcare organisations need the resources and tools necessary to understand and reduce their cyber risk,” said Rody Quinlan, Security Response Manager, Tenable.

In order to reduce the risk of attack and security breaches, Tenable advised firms to prioritise vulnerabilities in their system. Organisations must identify and patch security flaws immediately.