Health care industry was the most common victim of cyberattacks in 2022, according to a report by cyber intelligence firm, Black Kite. The study found a total of 34.9% of cyberattacks occurred in health care, up 1% from the year before, making it the most attacked sector for the second year in a row—most likely due to the heavy regulations surrounding Personal Health Information (PHI) that have only attracted more attention from hackers. The report also highlighted a lack of budget, outdated software, and the ability to remotely share personal data between patients and hospital systems as avenues for hackers to gain access to sensitive data.

The unintended effect of the Russian war: The report also showed that ransomware attacks accounted for 27% of third-party breaches in 2022, which was down from 2021, and that this could be an unintended effect of the Russian war in Ukraine. After health care, finance ranked second for total attacks last year, tallying 14.3%, and government was third, accounting for 9.5% of attacks.

Phishing attacks were the most common type of cyberattacks in health care in 2022, making up 50.7% of the attacks, followed by malware and ransomware, both of which accounted for 17.9% and 14.3%, respectively. Automaker Toyota topped the list of top five cybersecurity breaches of 2022, with a data breach exposing the emails of 300,000 customers, while Highmark Health ranked; third, with a breach exposing the names, dates of birth, and prescription information of 67,147 people.

The key finding from the report:

• Unauthorized network access was the most common root cause of third-party attacks, initiating 40% of third-party breaches last year. The rise is partially due to the remote work model that has become prevalent with the pandemic.
• Ransomware accounted for 27% of third-party breaches in 2022—a decrease from 2021 due to Russian sanctions, which hinder the ability of Russian-based cybercriminals to act.
• The average time between an attack and the disclosure date was 108 days, with a 50% increase from 2021—giving threat actors more time to cause significant damage with stolen data.
• Technical services vendors (providing infrastructure services) were the top target of third-party breaches. In the top three for a fourth consecutive year, these vendors were included in 30% of incidents.
• The healthcare industry was the most common victim of third-party breaches accounting for 34% of incidents 2022—an increase from 2021—followed by finance (14%) and government (14%).

Bottom line: “The report contains good news and bad news. The good news, defenders are getting marginally better and the number of breaches via third parties dropped YoY. The bad news, while the number of breaches dropped, the impact of the breaches jumped. And we are seeing a lot of the same issues and vectors for successful attacks - this means basic blocking and tackling aren’t happening.” –Jeffrey Wheatman