Chief Healthcare Executive’s most popular data and technology stories of 2022

Continuing our week-long look at our most well-read stories, our rundown of the most popular technology features is dominated by cybersecurity.

1. Cyberattacks surged last year, and 2022 could be worse

Healthcare organizations have been inundated with cyber attacks, and when we published this story in January, analysts projected that hospitals and health systems could expect more to come in 2022.

Spoiler alert: they were correct.

Hospitals and other healthcare organizations remain ripe targets for cyberattacks, said Mac McMillan, the founder and former CEO and president of CynergisTek, a cybersecurity consulting firm.

“I think the bad guys have figured out healthcare is a lucrative target. It’s a target that’s more susceptible to disruption because they haven’t made the investments others have made,” McMillan said.

Cybersecurity experts such as McMillan say healthcare providers must devote more resources to preventing cybersecurity attacks. They say that having to deal with attacks can be far more expensive.

Scripps Health said a cyberattack in 2021 cost the system $112 million in lost revenue, according to media reports. The California-based system was forced to take down its electronic health record system for nearly a month.

The average healthcare breach now costs $10.1 million, according to an IBM Security report released in July. The cost of the typical healthcare breach rose by nearly $1 million over last year.

Scores of cyberattacks hampered healthcare systems in 2022, and it’s safe to say that cybersecurity will remain one of the pressing challenges of hospitals in the coming year.

(In this video, Lee Kim of HIMSS outlines some of the cybersecurity threats over the past year. The story continues below.)

2. CommonSpirit ransomware attack: Questions and answers

CommonSpirit Health had to contend with a ransomware attack that affected its systems.

A nonprofit, Catholic health system based in Chicago, CommonSpirit operates 140 hospitals and more than 1,500 care sites in 21 states. The CommonSpirit breach affected more than 620,000 people, according to the health department.

CommonSpirit first reported what it described as an IT security issue on Oct. 5. CommonSpirit issued an update on Oct. 12 confirming that it is dealing with a ransomware attack.

The system said in December that the breach involved patient information from Virginia Mason Franciscan Health, an affiliated entity of CommonSpirit. Letters to those affected were sent via U.S. mail on Dec. 1, the system said.

CommonSpirit said someone gained access to personal information from Franciscan Health and/or Franciscan Medical Group in Washington state. An investigation determined that hackers gained access to parts of CommonSpirit’s network between September 16, 2022 and October 3, 2022.

In the weeks after the attacks, Virginia Mason Franciscan Health said some patient appointments were rescheduled or canceled. CHI Health, which is part of CommonSpirit, said it had to reschedule some patient appointments and postponed some procedures on a case-by-case basis.

3. The 10 biggest cybersecurity attacks of the first quarter of 2022

Cybersecurity experts warned that there would be many attacks aimed at the healthcare industry in 2022, and it didn’t take long to see that those projections were accurate.

Healthcare organizations must report breaches affecting more than 500 people to the U.S. Department of Health and Human Services. In the first quarter of 2022, the health department is investigating 125 breaches affecting at least 500 people.

Combined, those incidents have affected millions of people nationwide. Many breaches involve hospitals and health systems, but some also involved other firms that have private health information.

It’s worth noting some of these breaches occurred in 2021 but were reported in 2022. Cybersecurity experts say it can take months for healthcare organizations - and companies in other sectors - to detect a breach.

The largest breach in the first quarter came from Broward Health. The Florida-based health system reported the breach on Jan. 2. The breach affected more than 1.3 million people, according to the health department.

4. The 10 biggest health data breaches in the first half of the year

After the first six months of the year, we took another look at the top healthcare breaches over the first half of 2022.

Each of the 10 biggest health data breaches reported to the federal government in the first six months of the year affected at least 500,000 people. Millions of Americans have been hit by breaches involving health information in the first half of the year.

In the first six months of 2022, the U.S. Department of Health and Human Services  indicated there have been 337 breaches involving a minimum of 500 patient records, but some of those attacks have affected hundreds of thousands of people.

The attacks have involved hospitals, health systems, physician practices, insurers and other companies with private health information. Cybersecurity experts say ransomware attacks are rising.

Shields Health Care Group, a Massachusetts-based company, was the victim of the breach that affected the most people in the first half of the year. The breach has affected 2 million people, according to the health department. The breach was submitted to the department on May 27.

Shields, which offers imaging and outpatient services throughout New England, said in a statement it was alerted to suspicious activity that may have involved data compromise on March 28. An investigation determined that an unknown actor gained access to Shields’ systems between March 7 and March 21. Shields said it worked to identify what data may have been involved and notified its healthcare partners on May 25.

Hundreds of breaches have been reported to the health department in the second half of the year, according to the health department.

5. Artificial intelligence, healthcare, and questions of legal liability

Many healthcare leaders see enormous potential for artificial intelligence in healthcare, but the growing use of AI raises a host of legal questions.

Samuel Hodge, a professor of legal studies at Temple University, has been tackling these questions. He recently wrote an article about the legal implications of AI in healthcare in the Richmond Journal of Law & Technology.

In an interview with Chief Healthcare Executive in September, Hodge talked about the liability questions for hospitals, doctors and some of the questions health industry leaders should be considering.

“The law always lags behind medicine,” Hodge said. “This is an area that is a classic example.”

Hodge says he is a big supporter of the growing use of AI in medicine, calling it as potentially significant as the X-ray or CT scan. But he said the use of AI raises legal questions that have yet to be answered.

“It’s exciting, but AI has drawbacks and with legal implications because the law lags behind the development of the technology,” Hodge said.

He added, “The area of liability is open-ended, and hospital administrators and physicians are really going to have to watch the development of the field to stay abreast of the latest developments.”

See excerpts of our conversation with Samuel Hodge talks about legal questions surrounding AI.