In addition to analyzing customer ransomware incidents and other cyber attacks, privacy and data security experts at BakerHostetler compared incident response statistics across industries and looked at review data breach regulatory responses and lawsuits.
Of all the incidents Baker Hostetler analyzed, healthcare, biotech and pharmaceuticals accounted for the largest share at 28%.
According to the company’s analysts, the use of endpoint detection and response tools, patching and resilient backup strategies helped prevent attacks, minimizing the impact of network instructions is successful and allows recovery without having to pay for a decoder.
WHY IS IT IMPORTANT?
The 2024 Data Security Incident Response Report is based on insights the Ohio-based legal firm gathered to help manage 1,150 data security incidents in 2023.
Analysis shows that 48% of all cybersecurity incidents in 2023 resulted in data theft, while 31% saw ransomware deployed and 25% saw email accounts compromised. attack.
Meanwhile, 27% of organizations that encountered ransomware or data extortion last year paid the ransom. The main reason was to buy decryptors – 41% of incidents – followed by preventing the publication of stolen data – 37%.
Among the sectors the company serves, the fastest to recover from cyber takedowns are finance and insurance with an average time of 10 days until recovery to acceptable levels, according to the report. 10th annual cybersecurity response report.
The average cost of required forensic investigations has dropped to $78,138 from $90,335 in 2022 due to the deployment of existing EDR tools, which make heavy use of confidential information, analysts said. and more event management as well as the increasing use of forensic classification packages.
“The tools a company is using are no longer the most important factor in choosing a forensics firm because most companies today are ‘tool agnostic’ – this was not the case a few years ago.” management team, wrote in the report.
Data analysis also shows that the average time to detect a cyber intrusion incident in 2023 when EDR tools are deployed is 12 days compared to 19.7 days without EDR tools.
The average time to complete a forensic investigation is 33 days for the companies involved in the incident. Notices take an average of 60 days and 43% result in litigation.
However, based on a decade of annual cyber incident and response analysis, the report shows that the time from occurrence to detection has decreased significantly. In the 2015 report, the average duration was 134 days for all incidents compared to 42 days in this year’s report.
Third parties were often responsible for the cybersecurity incidents 2023 examined.
While 23% of incidents were attributed to unpatched vulnerabilities and 20% to phishing, 22% had unknown root causes and 25% were vendor related.
“Notably, business partners were responsible for 60% of the more than 500 violations reported to regulators. [the Office of Civil Rights] in 2023, compared to 35% in 2022,” BakerHostetler analysts said.
Additionally, the number of individuals affected in major breaches reported to OCR increased nearly 200% between 2022 and 2023, to 56.9 million and 144.5 million, respectively. People.
OCR’s enforcement actions in 2023 mark a departure from the previous three years, with a significant decrease in the number of enforcement actions. The change “may indicate that OCR is focusing on other enforcement issues, such as website technology,” the analysts said.
They note that regulatory actions taken to reduce the use of pixel tracking tools on websites have caused many organizations to abandon them.
“Many of our customers have made the difficult decision to remove all third-party technology from their sites while they look for alternative solutions to keep their sites live and relevant. without transmitting the IP address to third parties.”
BIGGER TREND
The new report recommends widespread, actively monitored EDR tool deployment, combined with patching of commonly targeted devices, such as VPNs, and flexible backup strategies to help avoid attacks , minimizing the impact and eliminating the need to pay for a decoder.
To better manage patching, a robust vulnerability management program can help organizations deny threat actors the advantage, said Tyler Reguly, senior director of security research and development at Fortr, said Healthcare IT news in the first day of this month.
“If your security team doesn’t have a second Tuesday of the month to review updates and prioritize them, that’s an important change to make,” he advises.
ON PROFILE
“The message is being sent out – if you want to avoid (or quickly recover from) a ransomware attack, there is a protocol you must follow,” BakerHostetler data and security experts said in the report. decided”.
“More and more companies are using their drugs. Companies that survive one attack know they don’t want to face a second attack…Evidence that the message is being conveyed appears in data.”
Andrea Fox is a senior editor at Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
