In addition to analyzing customer ransomware incidents and other cyber attacks, BakerHostetler’s privacy and data security specialists compared incident response statistics across industries and looked at data breach regulations and lawsuits.
Of all the incidents analyzed by BakerHostetler, the healthcare, biotechnology and pharmaceutical industries accounted for the lion’s share at 28%.
According to the company’s analysts, the use of endpoint detection and response tools, patching, and resilient backup strategies has helped prevent attacks, mitigate the impact of successful network intrusions, and enable recovery without the need to pay for a decryptor.
WHY IT MATTERS
The 2024 Data Security Incident Response Report is based on insights the Ohio-based law firm gained from managing 1,150 data security incidents in 2023.
The analysis found that 48% of all cybersecurity incidents in 2023 resulted in data exfiltration, while 31% involved ransomware deployment and 25% involved hacking email accounts.
Meanwhile, 27% of organizations that were hit with ransomware or whose data was held for extortion paid a ransom last year. The main reason was to buy a decryptor (41% of incidents), followed by preventing publication of the stolen data (37%).
Of the industries in which the company operates, the financial and insurance sector recovered the fastest from cyber attacks, taking an average of ten days to reach an acceptable recovery, according to the 10th annual cybersecurity response report.
The average cost of required forensic investigations fell to $78,138 from $90,335 in 2022, the analysts said, due to the pre-existing deployment of EDR tools, increased use of security information and event management, and increased use of forensic triage packages.
“The tool a company uses is no longer the most important factor in selecting a forensics firm, as most companies are now ‘tool agnostic’ – which was not the case just a few years ago,” Ted Kobus, president of the company’s digital assets and data management group, wrote in the report.
The data analysis also found that the average time to detection of a network intrusion incident in 2023 with a deployed EDR tool was 12 days, compared to 19.7 days without an EDR tool.
The average time to complete a forensic investigation was 33 days for the companies involved in the incidents. Notices took an average of 60 days and 43% resulted in lawsuits.
However, looking back on ten years of annual analyses of cyber incidents and responses, the report indicated that the time between occurrence and detection has decreased significantly. In the 2015 report, the average period for all incidents was 134 days, compared to 42 days in this year’s report.
Third parties were often liable for the cyber security incidents investigated in 2023.
While 23% of incidents were attributed to unpatched vulnerabilities and 20% to phishing, 22% had unknown root causes and 25% involved a vendor.
“Notably, business associates were responsible for 60% of the more than 500 violations reported to the Office for Civil Rights in 2023, compared to 35% in 2022,” BakerHostetler analysts said.
Also, the number of individuals affected by major breaches reported to OCR increased by almost 200% between 2022 and 2023, from 56.9 million to 144.5 million.
OCR’s 2023 enforcement actions marked a departure from the previous three years, with a notable decline in enforcement actions. The shift “may indicate OCR is focusing on other enforcement issues, such as website technologies,” the analysts said.
Regulatory measures taken to minimize the use of pixel tracking tools on websites have prompted many organizations to abandon them, they noted.
“Many of our customers have made the difficult decision to remove all third-party technologies from their web pages as they look for alternatives to keep their websites functional and relevant without disclosing IP addresses to third parties.”
THE BIG TREND
The new report recommends widespread, actively monitored deployment of EDR tools, combined with patching of commonly used devices, such as VPNs, and a resilient backup strategy to help prevent attacks, limit their impact and eliminate the need to pay for decryptors.
To better manage patches, a strong vulnerability management program can help organizations deny threat actors the advantage, Tyler Reguly, senior manager of security research and development at Fortra, told Healthcare IT News earlier this month.
“If your security team hasn’t blocked out the second Tuesday of the month to review and prioritize updates, that’s a critical change to make,” he advised.
ON THE RECORD
“The message is coming across: if you want to avoid (or quickly recover from) a ransomware attack, you need to follow a recipe,” data and security experts at BakerHostetler said in the report.
“More companies are taking their medicine. Companies that have survived an attack know they don’t want to suffer a second attack…The proof that the message is getting through is in the data.”
Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.