According to a recent report from Apple and a Massachusetts Institute of Technology researcher, the United States has witnessed a record-breaking surge in data breaches, fueled by increased attacks on third-party vendors and a rise in aggressive ransomware incidents.
The study, authored by MIT professor Stuart Madnick and released on Thursday, reveals a distressing trend, with data breaches more than tripling from 2013 to 2022 and compromising a staggering 2.6 billion personal records in the past two years alone.
The situation has further escalated in 2023, with the first eight months seeing over 360 million individuals affected by corporate and institutional data breaches. Alarmingly, one in four Americans had their health data exposed in these breaches during this period. The report also highlights an increase in ransomware attacks, surpassing the total for the entire year of 2022. In the first three quarters of 2023, ransomware attacks rose by nearly 70% compared to the same period in the previous year.
A survey conducted in 2023 among 233 IT and cybersecurity professionals in the healthcare sector across 14 countries revealed that 60% of organizations in the sector faced ransomware attacks, almost double the reported rate in 2021. The largest health data breach this year involved an email hacking incident reported by HCA Healthcare, affecting 11 million individuals.
Data breaches have not been limited to the healthcare sector, as millions of individuals across various economic sectors have been impacted. Third-party vendor incidents have been particularly prominent, with exploits targeting vulnerabilities in Progress Software's MOVEit and Fortra's GoAnywhere file transfer applications.
The report emphasizes the widespread consequences of vendor exploitation attacks, where initial breaches provide hackers access not only to the vendor's system and data but also to the systems and data of the vendor's clients. The study notes that approximately 98% of organizations reported having a relationship with a vendor that experienced a data breach within the last two years.
In light of these findings, the report underscores the urgent need for organizations to prioritize the security of personal data, given the prevalence of data breaches and their tangible consequences for individuals.