The number of malicious data breaches increased 55% from 2019 through 2020, driven by several high-profile breaches, according to Advisen data.
This spike reverses the downward trend in the previous few years, as bad actors searched for more lucrative options—namely ransomware. Time will tell if the spike in malicious data breaches during a period dominated by the pandemic will continue into the post-COVID world.
In Advisen’s loss database, a malicious data breach is classified as a situation where personal confidential information or digital assets have been exposed or stolen by unauthorized internal or external actors. It may occur as the result of a ransomware attack.
Notable data breaches in 2020 included the Blackbaud ransomware attack. The cloud-based service provider found that backup files with client information had been breached, affecting thousands of people and exposing the information of nearly 900 companies. Another example was a data breach at British tech giant Advanced Computer Software, which exposed the information of nearly 200 law firms, according to Advisen data.
During the pandemic, the transition to remote work and an increased reliance on mobile devices left organizations vulnerable to malicious data breaches. And, in the healthcare sector, the accelerated implementation and use of new technology due to the increased dependence on telehealth left the industry vulnerable to bad actors, causing a shift in the most frequently targeted industries, according to Advisen’s loss database.
Initial theories that bad actors would forgo attacks on healthcare organizations amid a pandemic proved to be false. On the contrary, recent reports of eastern European cybergang Ryuk indicate that some gangs have been intentionally targeting the healthcare industry.
Hospitals are lucrative targets for cyberattacks because of the in-depth information they store and often have less mature cybersecurity protocols than what is typically seen in other industries, like finance and insurance.
Contact us at Neckerman Insurance Services for more cybersecurity guidance.
2021 Zywave, Inc.