Cyberthreats against healthcare organizations are on the rise in recent years. With the potential to affect patient safety and even result in death, healthcare cybersecurity advisers are strongly advising healthcare executives and senior leaders to address security as a strategic priority instead of strictly an IT initiative. This approach helps to ensure patient privacy and safety as well as mitigate technological disruptions that can negatively affect important clinical services.
How Many Data Breaches Are There in Healthcare?
In 2020, there were 642 healthcare data breaches that each involved at least 500 records. Some of the significant recent attacks include the following organizations:
- Monongalia Health System and two of its hospitals, Stonewall Jackson Memorial Hospital Company and Monongalia County General Hospital Company, were the targets of a phishing attack between May 10 and August 15 that compromised the data of approximately 398,164 individuals. The organization did not realize the attack had occurred until July, when a vendor filed a non-payment report. The subsequent investigation found emails originating from unauthorized persons from a Monongalia Health contractor’s account in an effort to steal funds using fraudulent transfers. The organization has notified the individuals affected and is reevaluating its healthcare cybersecurity practices and protocols to prevent further incidents.
- Texas ENT, a healthcare organization with several Texas locations, suffered a data breach in August that stole files from the billing system containing sensitive information from 535,489 individuals. The unauthorized access to the system was not discovered until October. The company is working to implement additional security measures for system monitoring and protection.
- CompuGroup Medical experienced a technical failure after falling victim to a ransomware attack in December. The incident impacted the availability of email and phones used for customer support. An emergency infrastructure was activated to support customer needs while the company’s team member worked to restore essential organizational components over the course of the next week.
Why Are Healthcare Data Breaches So Common?
Because healthcare organizations maintain a high volume of valuable monetary and intelligence information, they are a frequent target for hackers. Stolen records such as personally identifying information, medical research documents, patient payment data, and protected health information are worth more on the dark web than stolen credit card numbers. This potential for significant profit increases the motivation of cyber criminals to launch attacks on the healthcare industry.
What Are the Risks to Healthcare Systems?
Cyber attacks on healthcare are expensive in multiple ways. The price tag to remediate a health care-related breach is approximately $408 per stolen record, which is nearly three times what it costs for other industries. Privacy loss can also result in financial penalties under HIPAA as well as detrimental reputation damage. Perhaps the most critical risk is the threat against patient care and safety. When access to medical records and devices are compromised, the ability to provide effective care is diminished.
Healthcare cybersecurity is particularly important to protect these organizations that are frequent targets and have much at stake.