As cyberattacks increase, cybersecurity startups are gathering investment and growing reach.
Each year, cloud security company Bitglass analyzes data from the U.S. Department of Health and Human Services’ database of recorded breaches of protected health information (PHI). In 2020 alone, there were nearly 600 healthcare breaches that collectively affected over 26 million individuals. Bitglass’ latest report takes an in-depth look at the breaches that healthcare organizations faced, comparing them to previous years and revealing key trends and cybersecurity challenges facing the industry.
Since 2018, the number of hacking and IT specific incidents has risen each year. This indicates that IT resources are increasingly used and therefore increasingly targeted by malicious actors. Such incidents were, by far, the top cause of healthcare breaches in 2020, leading to 403 out of 599 breaches (67.3%)—more than three times that of the next highest category. Hacking and IT incidents also led to larger breaches than other categories did, compromising 91.2% of all exposed healthcare records in 2020 (about 24.1 million out of 26.4 million).
Key Findings of the Report
- The average cost per breached record increased from $429 in 2019 to $499 in 2020. With 26.4 million records exposed in 2020, data breaches cost healthcare organizations $13.2 billion.
- Outside of hacking and IT incidents, the remaining breach categories exposed the personal details of about 2.3 million people, exposing victims to identity theft, phishing, and other forms of cyberattacks.
- This year, breach numbers were up across the board, with 37 out of 50 U.S. states suffering more breaches than they did in 2019. California had the most healthcare breaches in 2020 with 49 incidents--surpassing last year’s leader, Texas, which suffered 43 breaches in 2020.
- In 2020, the average healthcare firm took about 236 days to recover from a breach.
In addition, the industry has seen several large scale attacks. In 2015, health care provider Anthem disclosed hackers had potentially stolen more than 37.5 million records after getting into its servers. Two years later, a ransomware strain called WannaCry infected the U.K.’s National Health System and affected 80 facilities even though the health system was not the direct target. More recently, hackers were able to access security cameras in hospitals and clinics through a simple password breach of Silicon Valley startup Verkada. These attacks are not limited to patient data and hospital information; biomedical institutions doing COVID 19-related research have also reported being attacked, and the World Health Organization also saw an alarming increase in incidents.
Cybersecurity Startups on the Rise
As cyber attacks increase, so follows an increase in investor interest for the cybersecurity sector. Within the sector, healthcare focused startups specifically have seen an increase in global venture funding from $26 million in 2015 to a high of $249 million in 2019, according to Crunchbase data. Investment leveled off last year, with only $133 million coming into the space, but this year already has witnessed $135 million invested.
Earlier this week, Cylera closed $10 million in Series A funding, and late last month, Palo Alto-based Armis raised $125 million at a $2 billion valuation. Two M&A deals around the space also occurred when Cloud MD bought health care data integration and security provider IDYA4 in February, and 10 days later Relay Medical acquired IoT cybersecurity firm Cybeats Technologies, according to Crunchbase.
Many who invest in the space say that opportunity now extends outside hospitals and research facilities, especially as health care stresses telemedicine and in-home care. Medical wearables and Teleheath services are just the beginning in terms of medical delivery devices becoming ubiquitous in our everyday lives.
“There’s no question that remote patient monitoring systems and how to secure them could become a thing,” said Taylor Whitman, managing director at Concord Health Partners, an investor in Cylera.
In the wake of the worldwide pandemic, the number of connected healthcare IoT devices has and will continue to grow, and the number of cyberattacks will grow with them. The cybersecurity sector can only follow this trend in order to combat cybercriminals.
Read the original Crunchbase article here