Press Release

Nearly 106 million healthcare records exposed over 14 months – reveals Tenable research

Analysis by Tenable’s Security Response Team (SRT) has revealed 237 breaches in the healthcare sector in the calendar year 2020. The incidents continued into 2021, with 56 breaches already disclosed by the end of February 2021.

Ransomware was reported as the most prominent root cause of healthcare breaches, accounting for a whopping 54.95%. The top ransomware used was Ryuk, accounting for 8.64% of ransomware-related breaches. It was followed by Maze (6.17%), Conti (3.7%) and REvil/Sodinokibi (3.09%).

Third-party breaches accounted for over a quarter of the breaches tracked and nearly 12 million exposed records. Other leading causes included email compromise/phishing (21.16%), insider threat (7.17%) and unsecured databases (3.75%).

Apart from the obvious strain of dealing with the pandemic, telehealth solutions surfaced as a prominent risk area over the last year. While they may be the much-needed answer to getting medical care to those in need, beyond the limitations of social distancing norms, telehealth solutions considerably expand the surface area for attacks.

“As the COVID-19 pandemic continues to place unprecedented strain on global healthcare infrastructure, attackers are finding what was already an attractive target even more enticing. Technology dependent services such as telehealth, COVID-19 contact tracing app, and a rush to develop and distribute vaccines have greatly expanded the attack surface. With no signs of cyberattacks slowing down in 2021, healthcare organisations need the resources and tools necessary to understand and reduce their cyber risk,” said Rody Quinlan, Security Response Manager, Tenable.

To reduce the risk of compromise, healthcare organizations should take a two-pronged approach to the growing threats:

  • Prioritise vulnerabilities: Identify and remediate the vulnerabilities most likely to be targeted and to impact your organisation.

  • Address the root cause: Once the vulnerabilities most likely to introduce business risk are identified and prioritized, remediate them and continue regular maintenance check-ups.

The full blog is available here. If you’re interested in more detail on the report findings, Rody Quinlan is available for further comment.

* Note to Editors:


  • Public disclosures can occur days, months, or even years after the event itself

  • The figures have been extrapolated from 293 publicly disclosed data breaches between January 2020 and February 2021 – 237 breaches between January – December 2020 and 56 breaches between January – February 2021.

  • Of the 293 breaches known to have exposed records in the 14-month period analyzed, 57.34% publicly disclosed how many records were exposed.

  • 102,907,137 healthcare records were exposed in 2020, with 2,864,677 disclosed so far this year (January and February).
