A huge breach of data can cause devastating effects for any business, and it amplifies when it affects the healthcare industry. Over the last few years, ransomware attacks across all industries have increased in frequency and destructiveness. However, the healthcare industry is a bigger target than other industries. The United States Department of Health and Human Services released a report detailing over 125 healthcare organizations that have suffered a cybersecurity breach since April 1, 2022.
Healthcare Cyber Breach Threatens Patients
In June, the most recent high-profile healthcare cybersecurity breach occurred at Shields Health Care Group. The firm informed approximately two million U.S. citizens of a cyber attack that put their data at risk. There was a security alert on March 18, but officials did not immediately detect an intrusion. However, an ongoing investigation identified a third-party hack that resulted in unauthorized access to sensitive data between March 7 and March 21. Potentially compromised patient information includes the following:
- Addresses
- Billing information
- Birth dates
- Diagnoses
- Full names
- Healthcare provider information
- Insurance information
- Medical record numbers
- Medical history and other medical information
- Patient IDs
- Social Security numbers
Why Healthcare Cybersecurity Is a Prime Target
A 2021 study found an 84% increase in cybercrime targeting healthcare organizations between 2018 and 2021. The total number of victims also sharply increased from 14 million to 44.9 million during that period. There are several reasons for the attractiveness of healthcare cybersecurity to criminals.
Sensitive and Valuable Data
Criminals can sell the stolen data on the dark web or hold it hostage until the company pays a ransom. It causes the loss of multiple hours of labor spent on recovery attempts and a disruption in the facility’s ability to care for patients. At the same time, access to important data is unavailable.
Lack of Investment in Technology
The healthcare industry is still catching up with initiating cybersecurity technology. Many systems are outdated, a comparatively small part of the healthcare budget goes to technology, and only 4-7% of the planned IT budget goes to cybersecurity.
History of Paying the Ransom
Healthcare organizations frequently pay a ransom in exchange for releasing critical data, with payments made 61% of the time in 2021. It is a higher rate of compliance with cybercriminals than in any other sector because of the concern about the adverse effects that ransomware can create. Healthcare organizations cite their most significant reference in a cyberattack as their inability to operate, which can ultimately cause loss of life, compared to private organizations whose most considerable problem is loss of revenue.
Although the healthcare industry has been reactive rather than proactive regarding its vulnerability to cyberattacks, the experiences of the last few years have spurred some to take action. Hopefully, healthcare organizations will prioritize IT investment and healthcare cybersecurity plans to defend against cybercrime over the next few years.