According to Cybersecurity in Healthcare Statistics, cybersecurity in healthcare refers to the practices, technologies, and measures put in place to protect patient information, medical devices, and healthcare systems from unauthorized access, data breaches, and other cyber threats.
Editor’s Choice
- Cyberattacks on the healthcare sector increased by 45% globally compared to the previous year.
- Approximately 79% of healthcare organizations experienced a significant cyberattack in past years.
- The average cost of a healthcare data breach is $7.13 million, which is higher than the global average across industries.
- The healthcare industry is projected to spend $125 billion on cybersecurity between 2020 and 2025.
- In 2020, healthcare data breaches exposed over 30 million patient records in the United States alone.
- Medical records are valued at approximately USD 250 each on the black market, making them an attractive target for cybercriminals.
- Insider threats, including employees accessing or sharing sensitive data without authorization, account for 58% of healthcare data breaches.
- 28% of healthcare employees admitted to intentionally accessing patient data without a legitimate reason.
- 81% of healthcare executives believe that cyberattacks can interrupt the delivery of patient care services.
- 30% of healthcare organizations experienced the disruption of clinical applications or medical devices due to a cyberattack.
- Between October 2021 and September 2022, organizations in this sector saw a variety of cyberattacks, the majority of them (around 63%) being network and application anomalies.
Cybersecurity in Healthcare General Statistics
- 67% of healthcare organizations experienced attacks using lookalike domains.
- 34% of data breaches at these organizations occurred via authorized access or disclosure.
- 25.7% predict another Anthem-sized breach within three years (80 million+ records).
- A report by Singapore-based Cyber Risk Management (CyRiM) indicates that healthcare is one of the industries most affected by hackers; since 2014 alone they have lost over $25 billion.
- Nearly 80 million people were exposed in the Anthem breach.
- Globally recognized medical bodies such as the Centers for Disease Control (CDC) in the US and the WHO in the UN were impersonated to conduct various scams during this pandemic.
- 90% of healthcare organizations face at least one security breach, with 30% of them occurring in large hospitals.
- 47% of healthcare data breaches stem from IT incidents through malicious or third-party insiders with advanced permissions.
- Doctors are prone to committing serious data breaches by 50%, and 24% can’t identify signs of malware.
- The healthcare industry gets 54% for cyber assurance, and breaches are identified months later by 39% of organizations.
- 67% of the public thinks hospitals should be mandated by law to train staff on proper cybersecurity behavior.
- Pfizer of America mistakenly released confidential prescription drug user data due to an unsecured cloud storage solution. As a result, the National Health Service (NHS) reported a $100 million loss due to the WannaCry ransomware attack.
Impact of Cybersecurity Breaches on Healthcare
- According to a study by the Ponemon Institute, the average cost of a data breach in the healthcare industry was $7.13 million in 2020.
- The same study found that the average cost per breached healthcare record was $429.
- Healthcare data breaches can lead to identity theft, fraud, and other forms of financial harm to patients.
- A cybersecurity breach can disrupt the availability and accessibility of healthcare services, leading to delays or interruptions in patient care.
- In a survey conducted by the College of Healthcare Information Management Executives (CHIME), 66% of healthcare organizations reported that cyberattacks had an impact on their operations.
- Healthcare organizations that experience a cybersecurity breach may suffer reputational damage, eroding patient trust and confidence.
- According to a survey by Black Book Market Research, 89% of patients would consider leaving their healthcare provider if their medical records were breached.
- Healthcare organizations are subject to various legal and regulatory requirements, such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States.
- Non-compliance with cybersecurity and data protection regulations can result in penalties, fines, and legal actions against the organization.
- In 2020, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) settled several HIPAA violation cases, resulting in significant fines.
Data Breach Statistics Based on Type of Incident
- 88% of healthcare workers opened phishing emails.
- Phishing and other cyberattacks increased by 75% between 2017 and 2021.
- A HIMSS survey revealed that 36% of non-acute care organization representatives claimed their organization did not conduct phishing tests regularly.
- Health IT recently conducted research that revealed nearly 24% of healthcare employees in the U.S. hadn’t received any cybersecurity awareness training to assist them in recognizing phishing scams.
- Ransomware attacks mainly targeted hospitals (74%), followed by secondary institutions like dental services and nursing homes (26%).
- Estimates predicted that ransomware attacks would quadruple between 2017 and 2020, eventually increasing 5x by 2021.
- 8% of healthcare data breach claims were initiated due to ransomware attacks.
- A 2019 survey by HIMSS Cybersecurity revealed that nearly 60% of hospital representatives and healthcare IT professionals said emails were the most common cause of data compromise.
- Healthcare email fraud has seen exponential growth at 73%.
- About 70% of fraud emails to healthcare institutions were sent during office hours, between 7 A.M. and 1 P.M.
Major Healthcare Data Breaches That Occurred in 2022
OneTouchPoint
- Initially, the breach was reported as affecting 1.1 million individuals, but the total has now been increased to 2,651,396 individuals.
- The data breach occurred due to unauthorized access to certain servers that contained information such as names, members’ IDs, and data from health assessments.
- More than 35 different organizations were affected by the breach including Anthem, ACE, Kaiser, and Humana.
Baptist Medical Center
- A malware breach affected 1.2 million patients of Texas-based Baptist Medical Center.
- An unauthorized party gained access to certain systems that contained personal information and took some data between March 31 and April 24.
- The breached information includes social security numbers, health insurance information, billing information, and dates of birth.
Texas Tech University Health Sciences Center
- Texas Tech University Health Sciences Center (TTUHSC) confirmed a data breach following a data security incident reported by its third-party vendor, Eye Care Leaders.
- As a result, the breach compromised the personal information of over 1.3 million patients, including names, Social Security numbers, addresses, phone numbers, driver’s license numbers, email addresses, dates of birth, medical record numbers, and health insurance information.
- TTUHSC took swift action and, on June 7, 2022, sent data breach notification letters to all affected patients to inform them of the incident.