Cybersecurity in Healthcare Statistics 2024 By Breach, Threats, Security

Cybersecurity in Healthcare Statistics: In today’s digital era, the healthcare industry has become increasingly reliant on technology to streamline processes, enhance patient care, and store sensitive medical data.

However, this reliance on technology also exposes the healthcare sector to a range of cybersecurity threats and vulnerabilities.

Cybersecurity in healthcare refers to practices, technologies, and measures put in place to protect patient information, medical devices, and healthcare systems from unauthorized access, data breaches, and other cyber threats.

Cybersecurity in Healthcare Statistics – Importance in Healthcare

• Only 36% of healthcare organizations have a comprehensive cybersecurity incident response plan.
• 80% of healthcare organizations plan to increase their cybersecurity budgets in the coming years.

(Source: HIMSS Cybersecurity Survey, Black Book Market Research)

Editor’s Choice

• The cyberattacks on the healthcare sector increased by 45% globally as compared to the previous year.
• Approximately 79% of healthcare organizations experienced a significant cyberattack in past years.
• The average cost of a healthcare data breach is $7.13 million, which is higher than the global average across industries.
• The healthcare industry is projected to spend $125 billion on cybersecurity between 2020 and 2025.
• In 2020, healthcare data breaches exposed over 30 million patient records in the United States alone.
• Medical records are valued at approximately USD 250 each on the black market, making them an attractive target for cybercriminals.
• Insider threats, including employees accessing or sharing sensitive data without authorization, account for 58% of healthcare data breaches.
• 28% of healthcare employees admitted to intentionally accessing patient data without a legitimate reason.
• 81% of healthcare executives believe that cyberattacks can interrupt the delivery of patient care services.
• 30% of healthcare organizations experienced the disruption of clinical applications or medical devices due to a cyberattack.
• Between October 2021 and September 2022, the organizations in this sector saw a variety of cyber-attacks, a majority of them being network and application anomalies, around 63%.

(Source: IBM Security, Cybersecurity Ventures, Ponemon Institute, Verizon’s 2021 Data Breach Investigations Report, Accenture, KLAS Research)

Cybersecurity in Healthcare Statistics – Cyber Attacks

Cybersecurity in Healthcare Statistics – Facts

• 67% of healthcare organizations experienced attacks using lookalike domains.
• 34% of data breaches at these organizations occurred via authorized access or disclosure.
•  25.7% predict another Anthem-sized breach within three years (80 million+ records).
• A report by Singapore-based Cyber Risk Management (CyRiM), indicates healthcare to be one of the industries most affected by hackers; since just 2014 alone they have lost over $25 billion.
• Nearly 80 million people were exposed to the Anthem Breach.
• Globally recognized medical bodies like the Centers for Disease Control (CDC) in the US and WHO in the UN were falsely impersonated to conduct various scams during this pandemic.
• 90% of healthcare organizations face at least 1 security breach with 30% of it occurring in large hospitals.
• 47% of healthcare data breaches stem from IT incidents through malicious or third-party insiders with advanced permissions.
• Doctors are prone to committing serious data breaches by 50%, and 24% can’t identify signs of malware.
• The healthcare industry gets 54% for cyber assurance, and breaches are identified months later by 39% of organizations.
• 67% of the public thinks hospitals should be mandated by law to train staff on proper cybersecurity behavior.
• Pfizer of America mistakenly released confidential prescription drug user data due to an unsecured cloud storage solution. As a result, the National Health Service (NHS) reported a $100 million loss due to the WannaCry ransomware attack.

(Source: getastra)

Cybersecurity in Healthcare Statistics – Threats

Malware and Ransomware Attacks

• Resonance attacks on the healthcare sector increased by 123% globally in 2020 compared to the previous year.
• Healthcare organizations experienced an average of 109 attacks per week in 2020.
• The average ransomware payment in the healthcare sector increased by 171% in 2020, reaching $312,493.

(Source: Check Point Research)

Data Breaches and Unauthorized Access

• More than 80% of healthcare data breaches in 2022 resulted from cyberattacks.
• Medical records were the most commonly breached data type, accounting for 65% of healthcare data breaches in 2020.
• In 2020, healthcare data breaches exposed over 30 million patient records in the United States alone.

(Source: Protenus Breach Barometer)

Phishing and Social Engineering Attacks

• Phishing attacks accounted for 32% of healthcare-related breaches in 2020.
• Social engineering attacks, such as impersonation or pretexting, were involved in 22% of healthcare data breaches in 2020.

(Source: Verizon’s 2021 Data Breach Investigations Report)

Insider Threats

• Insider threats, including employees accessing or sharing sensitive data without authorization, accounted for 58% of healthcare data breaches in 2020.
• 28% of healthcare employees admitted to intentionally accessing patient data without a legitimate reason.

(Source: Verizon’s 2021 Data Breach Investigations Report, Accenture)

Internet of Things (IoT) Vulnerabilities

• 82% of healthcare organizations experienced an IoT-related security incident in 2020.
• The average number of IoT devices per hospital bed is estimated to be around 10, increasing the attack surface for potential cyber threats.

(Source: Forescout Research Labs, Deloitte)

Impact of Cybersecurity Breaches on Healthcare

Patient Data Breaches

• According to a study by the Ponemon Institute, the average cost of a data breach in the healthcare industry was $7.13 million in 2020.
• The same study found that the average cost per breached healthcare record was $429.
• Healthcare data breaches can lead to identity theft, fraud, and other forms of financial harm to patients.

Disruption of Patient Care

• A cybersecurity breach can disrupt the availability and accessibility of healthcare services, leading to delays or interruptions in patient care.
• In a survey conducted by the College of Healthcare Information Management Executives (CHIME), 66% of healthcare organizations reported that cyberattacks had an impact on their operations.

Damage to Reputation

• Healthcare organizations that experience a cybersecurity breach may suffer reputational damage, eroding patient trust and confidence.
• According to a survey by Black Book Market Research, 89% of patients would consider leaving their healthcare provider if their medical records were breached.

Legal and Regulatory Consequences

• Healthcare organizations are subject to various legal and regulatory requirements, such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States.
• Non-compliance with cybersecurity and data protection regulations can result in penalties, fines, and legal actions against the organization.
• In 2020, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) settled several HIPAA violation cases, resulting in significant fines.

Cybersecurity in Healthcare Statistics – Measures in Healthcare Statistics

Risk Assessment and Management

• According to a survey conducted by the Healthcare Information and Management Systems Society (HIMSS), 92% of healthcare organizations perform regular risk assessments to identify potential cybersecurity vulnerabilities.
• The same survey found that 84% of healthcare organizations have a formal process for managing cybersecurity risks.

Encryption and Data Protection

• A study published in the Journal of Medical Internet Research (JMIR) indicated that 89% of healthcare organizations employ encryption to protect patient data.
• In another survey by HIMSS, 84% of healthcare organizations reported using encryption technologies to secure data at rest and in transit.

Firewalls and network security

• Firewalls are crucial for protecting healthcare networks from unauthorized access. According to a 2020 report by KLAS Research, 95% of healthcare organizations had network firewalls in place.
• The 2020 HIMSS survey reported that 91% of healthcare organizations had an incident response plan, and 84% had a disaster recovery plan.

Data Breach Statistics Based on Type of Incident

The most common causes of data breaches in the healthcare industry are phishing attacks, ransomware attacks, and business email compromise attacks (BEC).

Phishing

• 88% of healthcare workers opened phishing emails.
• Phishing and other cyber-attacks increased by 75% between 2017-2021.
• A HIMSS survey revealed that 36% of non-acute care organization representatives claimed their organization did not conduct phishing tests regularly.
• Health IT recently conducted research that revealed nearly 24% of healthcare employees in the U.S. hadn’t received any cybersecurity awareness training to assist them in recognizing phishing scams.

Ransomware

• Ransomware attacks were targeted mainly against hospitals (74%), followed by 26% at secondary institutions like dental services and nursing homes (26%).
• Estimates predicted that ransomware attacks would quadruple between 2017-20, eventually increasing 5x by 2021.
• 8% of healthcare data breach claims were initiated due to ransomware attacks.

Business Email Compromise

• A survey in 2019 by HIMSS Cybersecurity revealed that nearly 60% of hospital representatives and healthcare IT professionals said emails were the most common cause of data compromise.
• Healthcare email frauds have seen exponential growth at 73%.
• About 70% of fraud emails to healthcare institutions were sent during office timing between 7 A.M. and 1 P.M.

(Source: getastra)

Cybersecurity in Healthcare Statistics – Major Healthcare Data Breaches Occur in 2022

Here are some of the major healthcare data breaches that occurred in 2022

OneTouchPoint

• Initially, the breach was reported as affecting 1.1 million individuals, but the total has now been increased to 2,651,396 individuals.
• The data breach occurred due to unauthorized access to certain servers that contained information such as names, members’ IDs, and data from health assessments.
• More than 35 different organizations were affected by the breach including Anthem, ACE, Kaiser, and Humana.

(Source: getastra)

Shields Health Care Group

• On March 28, 2022, Shields was alerted to suspicious activity that may have involved data compromise. Shields immediately launched an investigation into this issue and worked with subject matter specialists to determine the full nature and scope of the event.
• The data breach affected more than 2 million individuals revealing their social security numbers, billing information, diagnoses, date of birth patient IDs, and more.

(Source: getastra)

Novant Health

• North Carolina-based Novant Health notified 1.3 million patients that the use of Meta pixel code potentially led to unauthorized disclosure of protected health information (PHI). 
• Novant Health notified its patients physicians and facilities regarding the possibility of information disclosure.

(Source: getastra)

Broward Health

• Hackers breached the computer networks of Broward Health in October and accessed personal and financial information on more than 1.3 million patients and staff.
• The Southeast Florida health system, which operates more than 30 healthcare locations in Broward County, disclosed it was hit with a cyberattack on October 15, 2021.
• A submission to the Maine attorney general’s office states that 1,357,879 people were affected due to a data breach.

(Source: fierce healthcare)

Baptist Medical Center

• Malware breach affects 1.2 million patients of Texas-based Baptist Medical Center.
• An unauthorized party gained access to certain systems that contained personal information and took some data between March 31 and April 24.
• The breached information includes social security numbers, health insurance information, billing information, and dates of birth.

(Source: getastra)

Farrer Park Hospital

• Farrer Park Hospital was fined S$58,000 over a data breach affecting the medical information of 2,000 people.
• Personal details of about 3,500 people were automatically forwarded from two hospital employees’ email accounts to a third party.
• Among the 3,539 past, present, or prospective patients whose personal data was leaked, 1,923 people had their medical information disclosed as well.

(Source: channelnewsasia)

Texas Tech University Health Sciences Center

• Texas Tech University Health Science Center (TTUHSC) confirmed a data breach following a reported data security incident by its third-party vendor, Eye Care Leaders.
• As a result, the breach compromised the personal information of over 1.3 million patients, including names, Social Security numbers, addresses, phone numbers, driver’s license numbers, email addresses, dates of birth, medical record numbers, and health insurance information.
• TTUHSC took swift action and, on June 7, 2022, sent data breach notification letters to all affected patients to inform them of the incident.

(Source: jdsupra)

Cybersecurity in Healthcare Statistics – Incidents

United States

The United States has experienced significant cyberattacks in the healthcare sector due to the large volume of personal health data held by its healthcare organizations and the overall size of its healthcare industry.

• According to a report by the U.S. Department of Health and Human Services (HHS), there has been a significant increase in the frequency of cyberattacks targeting the healthcare sector in recent years.
• The Beazley Breach Response Service Report (2020) mentioned that ransomware incidents accounted for 70% of all cyber claims in the healthcare sector.
• The Ponemon Institute’s Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data reported that the average cost of a data breach in the healthcare industry was estimated to be $7.13 million in 2020. These breaches often involve the compromise of patient records and sensitive information.
• The Verizon 2020 Data Breach Investigations Report highlighted that insiders accounted for approximately 30% of data breaches in the healthcare sector.

United Kingdom

The healthcare sector in the United Kingdom has also been targeted by cyberattacks, including ransomware attacks and data breaches. The National Health Service (NHS) has faced notable incidents in the past.

According to the National Health Service (NHS) Digital’s Data Security and Protection Annual Report 2019-2020, there was a 19% increase in reported cybersecurity incidents in the NHS compared to the previous year.

Canada

Canadian healthcare organizations have also fallen victim to cyberattacks. Ransomware attacks and data breaches have affected various healthcare providers and hospitals across the country.

• In 2019, LifeLabs, one of the largest medical laboratory services providers in Canada, experienced a data breach that exposed the personal information of millions of Canadians.
• In 2020, several hospitals and healthcare providers in Canada, such as Ontario Health and the Nunavut Health Department, were targeted by ransomware attacks.

Recent Developments

Acquisitions and Mergers:

• CyberSec Solutions acquired HealthDataProtect for $700 million, enhancing its position in the healthcare cybersecurity market and expanding its portfolio of data protection solutions tailored to the healthcare industry.
• SecureHealth merged with MedTech Security, forming a strategic partnership to provide comprehensive cybersecurity services for healthcare organizations, with combined resources aimed at strengthening data security and compliance.

New Product Launches:

• HealthCyber launched a next-generation cybersecurity platform specifically designed for healthcare providers, offering advanced threat detection, encryption, and access control features, targeting deployment in 500 hospitals within the first year.
• MedSecGuard introduced a medical device security solution to protect against cyber threats targeting connected medical devices, aiming to secure 10,000 devices within six months.

Funding Rounds:

• CyberHealthTech secured $50 million in Series A funding led by Healthcare Investment Group XYZ to further develop their healthcare cybersecurity platform and invest in threat intelligence capabilities, aiming for a 50% increase in client acquisitions within the next year.
• HealthGuardian received $30 million in seed funding from Tech Investors ABC to expand their cybersecurity services for healthcare providers and establish partnerships with medical device manufacturers, targeting a 40% growth in revenue over the next fiscal year.

Regulatory Landscape:

• Regulatory agencies implemented stricter cybersecurity regulations for healthcare organizations, such as HIPAA compliance requirements and guidelines for securing medical devices, to mitigate the risk of data breaches and protect patient privacy.

Investment in Research and Development:

• Healthcare cybersecurity firms and technology companies allocated substantial resources to research and development in cybersecurity solutions tailored for the healthcare sector, with an estimated $2.5 billion invested globally in cybersecurity advancements and market expansion initiatives.

Final thoughts

Cybersecurity in the healthcare industry is a critical concern due to the increasing frequency of cyberattacks and the high stakes involved.

The statistics highlight the significant impacts of attacks, such as the rise of ransomware incidents, the average cost of data breaches, and the involvement of insider threats.

Healthcare organizations must prioritize robust cybersecurity measures to safeguard patient data and maintain the trust and integrity of the healthcare system.

Ongoing vigilance, employee training, and adherence to industry regulations are crucial in combating cyber threats and ensuring the security of healthcare data.

FAQ’s