Critical Insight Finds Attackers Shifting Focus to Smaller Hospital Systems and Specialty Clinics in H1 2022 Healthcare Data Breach Report

Press Release | Critical Insight | August 24, 2022

SEATTLE--(BUSINESS WIRE)--Critical Insight, a Managed Detection and Response (MDR) service provider specializing in protecting the networks of life-saving organizations and critical infrastructure, announced today the release of the firm’s H1 2022 Healthcare Data Breach Report, which analyzes ​​breach data reported to the U.S. Department of Health and Human Services by healthcare organizations.

With the healthcare industry continuing to be a top attack vector for cybercriminals and ransomware threat groups, H1 2022 saw an interesting change in targets as attackers moved from large hospital systems and payers, big targets that would likely yield the most data but also have more sophisticated defenses, to smaller hospital systems and specialty clinics that lack the same level of security preparedness, staff size, or budget.

Aside from this change in victim focus, attackers this half of the year hit the jackpot, with the Eye Care Leaders EMR breach, which exposed more than 2 million records. This trend of focusing on a systemic technology that is used across most healthcare providers is a trend we anticipate continuing throughout the remainder of 2022.

Key Findings:

  • Total Breaches Are Declining: The number of reported breaches crested during the second half of 2020 when organizations were so distracted by the pandemic that attackers had an easier time breaching their defenses. Since then, the total number of breaches has slowly, but steadily declined, from the peak of 393 to 367 in the first half of 2021, 344 in the second half of 2021, and 324 in the first half of this year.
  • Total Individuals Affected: The latest numbers are encouraging with roughly 20 million individuals affected in the first half of 2022, representing the third consecutive quarter of declining numbers, a 10% drop compared to the prior six-month period and 28% less than the first half of 2021.
  • Who is Getting Breached?: Healthcare providers represent 73% of total breaches, business associates represent 15%, and health plans 12%. The interesting trend is that breaches associated with healthcare providers dropped from 269 in the first half of 2021 to 238 in the first half of 2022.
  • Most Common Breach Causes: Hacks associated with network servers declined from a peak of 67% in the first half of 2021 to 57% in the first half of 2022. But EMR-related breaches soared from zero in the first half of 2020 to nearly 8% of all breaches in the first half of 2022.
  • One Thing We’re Watching: When we look at which segments of the healthcare ecosystem had Hacking/IT Incident type breaches, we’re now seeing smaller hospital systems and specialty clinics rising to the top. Breaches associated with health plans decreased by 53%, but attacks against business associates jumped by 10% and attacks against providers went up 15%.

“Attackers are continuing to push the envelope and change the playing field when it comes to healthcare data breaches and attacks,” said John Delano, Healthcare Cybersecurity Strategist at Critical Insight and Vice President at Christus Health. “This move from large hospital systems and payers to smaller entities that truly have a deficit when it comes to cyber defenses, shows a massive change in victims and approach. As we continue into 2022, we anticipate attackers to continue to focus on these smaller entities for ease of attack, but also for evasion of media attention and escalation with law enforcement.”

To download the report, please visit:

About Critical Insight

Critical Insight delivers cyber security that’s critical to your mission. We defend your organization with a personalized blend of MDR, managed, and professional services, to assess, test, and monitor 24x7. IT teams get their day jobs back with a full staff of expertise for less than the cost of one employee. We make cyber security a path to progress, from ensuring compliance to driving customer preference. We’re committed to defending those who serve us all, so no organization has to go without an effective cyber defense. Critical Insight. We Defend. You Thrive.

Find out more at


Jake Milstein
Critical Insight
[email protected]