Critical Insight has released its 2023 H1 Healthcare Data Breach Report [2] [3], analyzing reported data breaches in the healthcare sector [3]. This report highlights key findings regarding the number of breaches, individuals affected [1] [2] [3], causes of breaches [2] [3], and the shift in attackers’ strategies [1] [2].


The report reveals a positive trend for the entire year, with a decrease in total breaches compared to the second half of 2022 [3]. However, there was a significant increase in the number of individuals affected by data breaches during H1 2023 [3], with a 31% increase in compromised individual records. Hacking incidents remained the primary cause of breaches [2] [3], accounting for 90% of cases [2], while unauthorized access accounted for the remaining cases [1]. Notably, network server breaches were responsible for 97% of affected records [1].

Furthermore, the report highlights that hackers have intensified their attacks on third-party business associates [1], with breaches associated with business associates significantly higher than those affecting healthcare providers [1]. This emphasizes the importance of proactive defense strategies and incident response planning [3]. It is crucial for organizations to establish incident response plans, conduct risk assessments [1] [3], and safeguard third-party vendors [1].

Additionally, the report points out a shift in attackers’ strategies from encryption to extortion [1] [2]. This change in tactics has significant implications for healthcare organizations and underscores the need for enhanced security measures.


In conclusion, the number of breaches in the first half of 2023 is on track to be the lowest since 2019 [2]. However, the increase in compromised individual records and the targeting of third-party business associates highlight the need for continued vigilance and proactive defense strategies. Healthcare organizations must prioritize incident response planning, risk assessments [1] [3], and safeguarding third-party vendors to mitigate the impact of data breaches. Furthermore, the shift in attackers’ strategies from encryption to extortion calls for enhanced security measures to protect sensitive healthcare data.