RiskLens Quick Facts on Cyber ​​Risk in Healthcare – Dental Care Alliance Breach


A class action lawsuit over one of the biggest healthcare data breaches of 2020 will be settled for $3 million, as part of a proposal recently filed with the court. Dental Care Alliance, a manager of more than 300 dental practices, reported a breach of PHI, credit card and other data for 1.7 million patients and employees in a month-end cyberattack. 2020. (No details were given on how the attackers gained access.)

The plaintiffs argued that Dental Care Alliance’s poor cybersecurity practices put them at risk of identity theft and fraud; the company denied the charges and responded that no evidence of data misuse could be found. See more details about the lawsuit.

AppSec/API Security 2022

In another case of claimed third-party risk, three ophthalmology practices are suing Chief Practice Officer Eye Care Leaders for business interruptions caused – according to the plaintiffs – by multiple ransomware attacks concealed by the provider. Details.

Both cases are windows into the high-stakes cyber risk landscape for healthcare providers and payers, with sensitive data (sometimes in the hands of third-party vendors) and patient care at risk, all under the supervision of the federal government’s HHS Office of Civil. Monitor Rights (OCR) – and fine – for HIPAA violations.

RiskLens is the leader in quantitative cyber risk analysis software and services in financial terms. Learn more about RiskLens.

Number of data breaches in the healthcare sector

In 2021, the healthcare sector was affected by 849 cyber incidents, including 571 with confirmed data disclosures, according to the Verizon DBIR. This placed the industry 8th in total incidents and 3rd in data breaches of 21 industry categories surveyed in the DBIR.

The largest healthcare data breach reported in 2021 – over 3.5 million stolen records – was a ransomware/extortion attack against the Accellion file transfer appliance used by numerous healthcare organizations.


Most Likely Cyber ​​Risks by Incident Frequency and Loss for Healthcare Providers and Payers

RiskLens’ data science team estimates risk for industry-class businesses based on cyber event history as well as a wide range of metrics such as revenue, number of employees, and number of database records.

In the RiskLens modeling, healthcare shows relatively higher breach rates compared to other industries, with an overall average annual event probability of 9.3% (just behind the public sector). However, it is understood that this is driven at least in part by stricter data privacy policies enforced by HHS OCR with mandatory reporting for small incidents – see the so-called “wall of shame” related to breaches of HIPPA which starts at 500 people affected.

According to data science from RiskLens, below is the probability that common types of cyber loss events (from Verizon DBIR) will occur and cost on an annual basis for a healthcare business, based on averages of the sector. We pulled these numbers from the RiskLens My Cyber ​​Risk Benchmark tool.

RiskLens Quick Facts on Cyber ​​Risk in Healthcare - Chart 1

Company Size and Security Posture Make a Difference in Healthcare Cyber ​​Risk

We have entered into the My Cyber ​​Risk Benchmark tool the revenue, number of employees and number of database records that have been made public for Dental Care Alliance, as well as the SecurityScorecard rating integrated into the Benchmark tool.

RiskLens Quick Facts on Cyber ​​Risk in Healthcare - Chart 2

RiskLens modeling breaks down losses, so we can specifically break down fines and judgments (F&Js), including settlements. These are probabilistic (they don’t always occur), but we can see that the Dental Care Alliance settlement of $3 million is approximately the median of the full F&J amounts of the benchmark estimates for companies with characteristics similar.

Note that these benchmark event probabilities are a bit lower than the industry average, rated C by SecurityScorecard. This is thanks to their security posture, rated A by SecurityScorecard.

As an example, a healthcare organization facing a web application attack breach has annual probabilities of…

  • One odds = 5.1%
  • C-score = 9.7%
  • F-score = 14.3%

The statistics for this blog post were taken from the RiskLens My Cyber ​​​​Risk Benchmark tool, powered by data science RiskLens (with security ratings from Security Scorecard). See how your industry and organization compares – get a free trial of My Cyber ​​Risk Benchmark.

RL-Banner-1024x281v1 (1)

*** This is a syndicated blog from RiskLens Resources’ Security Bloggers Network written by Jeff B. Copeland. Read the original post at: https://www.risklens.com/resource-center/blog/fast-facts-healthcare-cyber-risk-dental-care-alliance-breach


About Author

Comments are closed.