About 237 breaches hit the healthcare sector globally in 2020, while 56 more have already been disclosed by the end of February 2021, said a report from cybersecurity company Tenable.
Of the 293 breaches known to have exposed records in the 14-month period analysed, 57.34 per cent publicly disclosed how many records were exposed.
While over 10 crore healthcare records were exposed in 2020, 28.6 lakh records have been disclosed so far in the first two months of 2021, showed the data.
Ransomware was reported as the most prominent root cause of healthcare breaches, accounting for a whopping 54.95 per cent. The top ransomware used was Ryuk, accounting for 8.64 per cent of ransomware-related breaches.
It was followed by Maze (6.17 per cent), Conti (3.7 per cent) and REvil/Sondinokibi (3.09 per cent). Third-party breaches accounted for over a quarter of the breaches tracked and nearly 12 million exposed records.
Other leading causes included email compromise/phishing (21.16 per cent), insider threat (7.17 per cent) and unsecured databases (3.75 per cent). Apart from the obvious strain of dealing with the pandemic, telehealth solutions surfaced as a prominent risk area over the last year.
While it may be the much-needed answer to getting medical care to those in need, beyond the limitations of social distancing norms, telehealth solutions considerably expand the surface area for attacks.
"As the Covid-19 pandemic continues to place unprecedented strain on global healthcare infrastructure, attackers are finding what was already an attractive target even more enticing," Rody Quinlan, Security Response Manager, Tenable, said in a statement.
"Technology dependent services such as telehealth, Covid-19 contact tracing app, and a rush to develop and distribute vaccines have greatly expanded the attack surface."
In order to reduce the risk of compromise, healthcare organisations should identify and remediate vulnerabilities most likely to target and impact your organisation, Tenable said.
Once the vulnerabilities most likely to introduce business risk are identified and prioritised, they need to remediate them and continue regular maintenance check-ups, it added.