What's Behind Disturbing Breach Trends in Healthcare?
Critical Insight's Mike Hamilton and Christus Health's John Delano on New Research
The number of major health data breaches is decreasing, but a recent disturbing trend reflects the vulnerability of critical vendors and the tenacity of cybercriminals, said John Delano, a vice president of Christus Health, and Mike Hamilton, CISO and co-founder of security firm Critical Insight.
"We have fewer breaches, but they are much bigger in nature," said Delano of the findings in a recent report by Critical Insight analyzing health data breach patterns so far in 2023.
"It would be easy to rest on our laurels, saying, 'The number of breaches is going down so we're making headway. We're doing something right.' But in reality, the number of records breached continues to go up, and that's a problem," he said in an interview with Information Security Media Group.
Many of the largest health data breaches so far in 2023 have involved hacking incidents and other issues at HIPAA business associates and related third-party vendors. "This shows that the criminals are doing research and targeting to a greater degree than before," Hamilton said.
"If someone can affect a service provider that provides online access to electronic health records and that provider serves dozens or hundreds of institutions, it becomes a one-stop shop" for hackers, he said.
In this interview with Information Security Media Group, Hamilton and Delano also discussed:
- A major shift in the "entry point" of most major health data compromises now involving network servers;
- Other top findings in Critical Insight's recent analysis of health data breaches and the outlook for future breach trends;
- Emerging use cases for generative AI in healthcare and the potential security and privacy risks.
Hamilton is co-founder and CISO at security firm Critical Insight. He has 30 years of experience in information security, as a practitioner, consultant, executive and entrepreneur. As former CISO for the city of Seattle, he managed information security policy, strategy and operations for 30 government agencies. Prior to that, he was a managing consultant for VeriSign Global Security Consulting.
Delano is an experienced CIO in the hospital and healthcare industry. His previous work includes security leadership roles at AdventHealth, VMware, Cook Children's Health Care System and Integris.