Here is an interesting stat: 2023 saw 114 data breaches of 100,000 or more records, including 26 breaches of more than 1 million records, 5 breaches of more than 5 million records, and one breach of 11.27 million records. The average data breach size in 2023 was 183,543 records and the median data breach size was 5,175 records.
Healthcare Seems to be a Target
The healthcare sector is the most vulnerable to cyberattacks, ahead of the public sector (16%), technology (11%), education (9%), and professional services (6%). Ransomware attacks are a top threat facing the healthcare industry. In a ransomware attack, hackers lock healthcare institutions out of critical files and information and hold them hostage while demanding a payment in exchange for a decryption key to unlock the files.
So far, it looks like 2024 should be a banner year for data breaches. The following breaches in 2024 reportedly compromised personal data including Social Security numbers:
- Fallon Ambulance Service (FAS): In January 2024, an unauthorized actor breached the data storage of 900,757 individuals, including 9 million people
- Change Healthcare: In 2024, an external actor gained access to one of their internal portals, causing administrative and revenue-related issues for healthcare systems and providers
- Integris Health: In January 2024, 2,385,646 individuals were affected
- North Kansas City Hospital: In January 2024, 502,438 individuals were affected
- Azura Vascular Care: In January 2024, 348,000 individuals were affected
- Des Moines Orthopedic Surgeons, P.C.: In January 2024, 307,864 individuals were affected
Things to do to minimize being the victim of a Data Breach
Here are some things businesses can do to minimize the risk of a data breach:
Secure Passwords
Use strong passwords. Create unique passphrases that are not a dictionary word and are over 12 characters in length. Review users’ passwords often to ensure compliance. Assign or approve passwords. New guidance says you only need to change these types of passwords if you forget them or you have been compromised. Use Multi-Factor Authentication because there is no excuse why you wouldn’t be
Update Systems and Monitor
Use updated software to keep systems secure. Seems like a no-brainer, but a lot of people forget, and that is called “just asking for it.” Use your built-in security dashboards and logs. Take a minute or twenty every day, or maybe every other day, to review the logs or dashboards for your firewalls, encryption, secure file-sharing software, and antivirus software to protect sensitive data.
Control Access
Lock up and physically secure business computers to prevent unauthorized access to them, and secure physical areas potentially related to the breach. Review physical access restrictions: who has access, and why? Also, block and monitor suspicious or unusual outbound traffic and outbound traffic to high port numbers, and block outbound UDP if you don’t need it.
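As an added example (not part of the original article), here is one way to review firewall logs for the outbound traffic described above. The key=value log format, the 10.0.0.0/8 internal range, the meaning of "high port" (above 1023), and the DNS/NTP and port 8443 allowlists are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the article): internal hosts live in 10.0.0.0/8,
# "high port" means above the well-known range, and the only outbound UDP
# this site needs is DNS (53) and NTP (123).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
HIGH_PORT_START = 1024
NEEDED_UDP = {53, 123}
ALLOWED_TCP_HIGH = {8443}  # hypothetical approved service on a high port
FIELD = re.compile(r"(\w+)=(\S+)")

# Constructed sample lines in a generic key=value firewall log format.
SAMPLE_LOG = """\
2024-02-01T09:00:01 proto=tcp src=10.0.0.15 dst=198.51.100.10 dpt=443
2024-02-01T09:00:02 proto=udp src=10.0.0.15 dst=192.0.2.53 dpt=53
2024-02-01T09:00:05 proto=udp src=10.0.0.22 dst=198.51.100.7 dpt=41794
2024-02-01T09:00:09 proto=tcp src=10.0.0.22 dst=203.0.113.9 dpt=9001
2024-02-01T09:00:11 proto=tcp src=10.0.0.30 dst=10.0.0.5 dpt=5432
2024-02-01T09:00:12 proto=tcp src=10.0.0.30 dst=203.0.113.20 dpt=8443
garbled line that the parser must skip
"""

def classify(line):
    """Return (source host, verdict) for an outbound flow, else None."""
    f = dict(FIELD.findall(line))
    try:
        src = ipaddress.ip_address(f["src"])
        dst = ipaddress.ip_address(f["dst"])
        proto, dpt = f["proto"].lower(), int(f["dpt"])
    except (KeyError, ValueError):
        return None  # malformed line: skip it rather than crash
    if src not in INTERNAL or dst in INTERNAL:
        return None  # only internal -> external traffic is of interest
    if proto == "udp":
        return (str(src), "ok" if dpt in NEEDED_UDP else "block-udp")
    if dpt >= HIGH_PORT_START and dpt not in ALLOWED_TCP_HIGH:
        return (str(src), "review-high-port")
    return (str(src), "ok")

def review(log_text):
    """Count findings per (internal host, verdict), ignoring 'ok' flows."""
    findings = Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result and result[1] != "ok":
            findings[result] += 1
    return findings

if __name__ == "__main__":
    for (host, verdict), n in sorted(review(SAMPLE_LOG).items()):
        print(f"{host:12} {verdict:18} {n}")
```

Hosts that show up with a block-udp or review-high-port finding are the ones to look at first when tightening outbound firewall rules.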
Educate and Train Employees
Teach employees cybersecurity best practices, including how to use complex passwords and to avoid opening attachments from unfamiliar senders. It may seem pointless at times but repetition is the key and
Other Super Important Things:
- Conduct regular audits of your system and device access, and organize training sessions if you suspect human error.
- Regularly back up the data on all computers.
- Have an incident response plan
- Know how to secure your systems and fix vulnerabilities that may have caused the breach.