Sometimes the cost of a significant data breach goes beyond the lost data itself. On Jan. 26, a San Diego-area children's hospital was sued by a patient after their personal data was stolen during a breach of a third-party vendor. In addition to Rady Children's Hospital, the vendor, a company called Blackbaud, is facing over 20 lawsuits, according to HealthITSecurity. The Blackbaud breach is part of a growing trend, with hackers stealing more data than ever before, especially from health care organizations.
The legal cost of personal information
The Blackbaud breach was the single largest health care-related data breach of 2020 and has had lasting ramifications across the country. While just short of 20,000 Rady Children's Hospital patients were impacted, the overall breach has affected more than 10 million people and over 100 organizations.
While the Blackbaud attack was first detected May 14, 2020, cybersecurity experts believe that hackers first entered its system and began stealing data several months earlier. The exploit was initially reported as a ransomware attack, with Blackbaud quickly paying the ransom and confirming that the confidential information in question was destroyed. However, a later report discovered additional patient Social Security numbers and private medical information that hackers had stolen.
The specific litigation against Rady alleges that the children's hospital violated the California Confidentiality of Medical Information Act and California Consumer Records Act, and is responsible for claims of negligence, breach of implied contract and invasion of privacy.
"[Rady] has a duty to reasonably protect the confidentiality of the medical information that it maintains, preserves, stores, abandons, destroys or disposes of, and failure to comply with this duty exposes [Rady] to liability for nominal and/or actual damages under [California law]," the lawsuit stated.
Significantly, the suit alleges that Rady Children's Hospital and Blackbaud cannot confirm that all of the stolen personal information was destroyed.
A growing issue
Unfortunately, major data breach exploits like the one against Blackbaud and Rady Children's Hospital are on the rise. While the overall number of breach events declined in 2020, according to a study from Risk Based Security, the amount of information compromised skyrocketed. According to the study, more than 37 billion records were exposed by hackers in 2020, a single-year record and a 141% increase from 2019.
In its findings, Risk Based Security noted several interesting trends, including the jump in breach severity and the even more frequent use of ransomware as a method of attack. Average Severity Score, a measurement that utilizes a base 10 logarithmic scale, increased from 4.75 to 5.71 over the course of 2020. Because the scale is logarithmic, this rise of about one point means that breach severity worsened by a factor of 10. This reading correlates with other numbers, including the five breaches that each exposed over a billion records. In addition, ransomware attacks increased by 100% from 2019 and were an element in 676 separate breaches.
The study also offered continued evidence that the data theft committed against Rady Children's Hospital and Blackbaud was far from an isolated incident. According to a recap report of the study from Governing.com, the health care sector was the single most-targeted industry, incurring just over 12% of all data breaches. Hospitals and other health care providers were especially vulnerable this past year, as they had to deal with the continuing COVID-19 pandemic.
Shoring up cybersecurity
Even if you don't work in the health care industry, your data could be at an increased risk of a malicious breach. Compromised data can be devastating for any organization, but especially so for those that handle extremely sensitive personal information, such as medical records. If lax cybersecurity measures are found to have made a successful cybersecurity exploit possible, you may face litigation.
One of the easiest and most important ways to shore up your network is by getting rid of unsecured open-source code. While some open-source technologies, like Java, are among the building blocks of numerous important programs, their vulnerabilities are more likely to be well known by hackers, and thus easier to exploit. Luckily, an effective terminal emulation tool can remove Java from the equation, without requiring you to remove the mainframe software or hardware that keeps your organization running.