Security Violation and Data Breach More Common in Hospitals

Updated on: October 17, 2023
By: Jason Adams

Introduction

Data breaches are a pressing concern in the healthcare industry because their size and frequency are expanding rapidly. PII (Personally Identifiable Information) and PHI (Protected Health Information) are managed by almost every unit in a hospital and are a treasure trove for hackers because they carry confidential information about patients. Most hospitals and healthcare facilities are focused on providing patient services but pay less attention to handling this data securely. Cybercriminals take advantage of this and exploit hospitals’ data by targeting their billing systems, hospital equipment, pharmacies, insurance systems, laboratories, health portals, and even ambulance services. As per the World Economic Forum, healthcare cyber attacks are on the rise, with an average of 1684 attacks per week.

On top of it, hospitals are undergoing a massive transformation in their operations due to the digital revolution, but along with it, the cyber-threats are also evolving, which is a completely new challenge for the hospital industry. Data theft in hospitals and healthcare organizations has become pervasive, and it is essential that experts take a proactive approach to stop them. 

This news story reflects the latest events of cyber attacks in the healthcare industry, techniques used by hackers for data breaches, and the best approach to control the cyber-attacks, including the latest technologies and solutions like hospital management software.

Current Cyber Attacks Trends In HealthCare Industry

  • Email phishing: It is a form of social engineering where hackers impersonate legitimate organizations to steal information via emails.
  • Automated hacking: In automated hacking, cybercriminals use automation tools to find vulnerabilities in the network or system, and once identified, they exploit the system. For instance, a tool called Shodan indexes data from any device connected to the internet, like webcams, mobile phones, IoT devices, etc. This data gives details on whether the devices or servers connected to the network are protected or not. Likewise, there are other automation tools that work differently and retrieve information that could be beneficial for hackers, such as the number of open ports, outdated server software, flaws in the network, data read or written over unsecured networks, etc.
  • Ransomware and Cryptojacking: Ransomware is a type of malware where the victim's information is encrypted, and hackers demand ransom to decrypt this information. The most popular ransomware was WannaCry, which affected 200,000 computers in at least 100 countries. In Cryptojacking, cybercriminals take control of the host computer to mine cryptocurrency.
  • AI-based hacking: Cybercriminals are taking advantage of AI’s capabilities to self-learn and identify data patterns. These capabilities can be used by hackers to study weaknesses in a system, design intelligent malware, conceal malicious code, guess passwords (including with password generative adversarial networks), create deepfake data, crack captchas, etc. Recent developments in AI-based tools like ChatGPT provide a new gateway for bad actors to exploit victims’ systems. They use ChatGPT to perform cryptographic operations (signing, encryption, or decryption functions) and recreate malware strains. As per Statista, hackers might use ChatGPT to craft more legitimate-looking phishing emails, and it could help less experienced hackers improve their technical knowledge.
  • Malware: Malware encrypts computers, mobile devices, or other medical devices where patients' data are stored and demands payment to release the data.
  • Loss or theft of equipment: Loss or theft of equipment is a common threat in the healthcare industry. Hackers can retrieve data from this equipment and use it for monetary gain.
  • Hack PGHD (Patient-Generated Health Data) apps: The use of PGHD (patient-generated health data) has become a common practice in the healthcare sector with the increasing demand for mobile apps. Mobile health apps and wearable devices generate the majority of PGHD, so health apps always remain on the hackers’ radar. They usually target the app’s API to hack the patients’ data.
  • Insider or intentional data loss: These types of attacks are usually executed by internal staff members, partners, or contractors, also known as turncloaks, to steal data.
  • Attacks against connected (IoT) devices: Unprotected IoT devices, which include VoIP devices, medicine dispensers, MRI machines, IV pumps, security cameras, etc., are easy prey for hackers.

The News:

  • As per the HIPAA (Health Insurance Portability and Accountability Act) Journal, hacking/IT incidents are the major cause of PHI data theft in HIPAA-regulated entities. It also states that network servers are the top target for cybercriminals to steal data, followed by email, electronic medical records, desktop computers, paper/films, and other portable electronic devices.
  • The healthcare industry remains a top target for cybercriminals. Growing digitization of patient and medical records is equally contributing to the growth of the criminal exploitation of healthcare data.
  • The healthcare sector has recorded three times more data breaches than any other sector, including education, finance, retail, and government.
  • It has been estimated that lost or stolen PHI (Protected Health Information) may cost the US healthcare industry up to $7 billion annually.
  • More than 4 million individuals were affected by the data breach of the Miami-based healthcare system, which was reported as the largest data breach so far.
  • A California-based medical group revealed that their data had been exposed to a ransomware attack affecting over 3.3 million individuals.
  • IBM’s report on data breaches indicates that the cost of a data breach in the healthcare industry is around $10.10 million, making it the most costly of any industry.
  • To prevent hackers from data theft or disclosing individually identifiable health information, OCR enforced monetary fines for HIPAA policy violations that range from $100 to $50,000 per violation or per record. The maximum penalty is $1.5 million.
  • Federal records state that around 385 million patient records were exposed from 2010 to 2022.
  • Reportedly, the largest data breach incident in the United States was the Accellion FTA Hack, where nearly 3.51 patients’ records were hacked.
  • In its report, HIPAA stated that hackers are increasingly using cloud-based apps to bypass security standards and deliver malware.

How did we get here?

#1 How are Hospitals Becoming Top Targets for Hackers, and Why Neutralizing the Attacks Is the Top-priority of Healthcare Organizations?

Hospitals and the healthcare sector are more susceptible to cyber-attacks because they carry a high volume of sensitive data, including financial data like credit card numbers, online transactions, and bank account details. Either the computers are taken over by an anonymous attacker from a remote location, or the files in the system are exfiltrated. Besides these, the increasing trend of online consultation, telemedicine, healthcare apps, and digital healthcare services provides more gateways for cybercriminals to hack the system.

Cybercriminals are targeting hospitals’ data servers to steal patients’ personal information for monetary gains, but these intrusions have become more lethal with ransomware. Hackers controlling the servers interrupt the entire care facilities, like ventilators or other life-supporting medical equipment, which in many cases leads to catastrophic incidents, including patient death.

Patients’ data is more valuable on the dark web than their credit or debit cards. It is sold 10 to 20 times more than credit card data. Unlike credit cards, patients’ data has a much longer lifetime and cannot be blocked. Also, it is evident that hospitals can’t operate for long without patients’ data and are ready to pay the ransom. Due to this, it is the primary target for cybercriminals. Certainly, steps can be taken to prevent cyberattacks, but not before addressing some common challenges.

#2 Challenges Faced by Hospitals in Preventing Cyber-attacks

Lack of security awareness and use of legacy systems: Most hospitals and healthcare systems implement security measures when damage is already done. Lack of security awareness and not being proactive about replacing legacy systems are the main challenges in preventing cyber-attacks. In one of its surveys, HIMSS (healthcare cybersecurity survey) claimed that the majority of healthcare providers use legacy operating systems. Hospitals and healthcare providers that prefer sticking to their legacy systems are more likely to miss out on patch updates or security policies that are essential to protect hospitals’ databases. They also face compatibility issues while dealing with third-party vendors that have already moved to the latest technology.
Improper disposal of PHI records: Many hospitals do not follow the guidelines to dispose of patients' data or maintain a proper inventory of the records. The improper disposal of PHI records is one of the prime reasons for data breaches.
Poor incident response system: A comprehensive incident response plan is critical to protect hospital data from cyber attacks, but many health organizations handle them in an ad hoc manner. They see an incident response plan as a one-time event and not an ongoing process. Eventually, they end up with a poor incident response plan with incorrect details about tools and resources. As per the HIPAA Journal, healthcare organizations score poorly for practicing cyber incident response. 
Inadequate endpoint device management: A well-defined endpoint device management process ensures that the data and workflows associated with devices remain protected. But the increasing number of devices in hospitals’ IT networks makes it cumbersome for the security team to manage them substantially. Poor endpoint device management can give hackers the opportunity to accomplish their malicious intent. This issue is especially encountered when hospitals and clinics do mergers and acquisitions to expand their operations and integrate their IT infrastructure and networking system with other platforms. 
Trading off security investment: Various costs associated with hospital operations include supplies, maintenance, billing, waste disposal, documentation, procuring equipment, etc. Since the healthcare industry is extremely cost-constrained, they generally refrain from investing in security infrastructure. Compared to other industries, hospitals are investing the least in enhancing IT security, leaving them vulnerable to security risks.
Reliance on vendors: Hospitals generally opt for third-party services for multiple reasons, like a shortage of skilled workers, controlling the costs of operations, lack of resources, freeing up internal staff, etc. But unfortunately, their reliance on vendor services without verifying the vendors' security measures and protocols can put hospitals at high risk of cyber attacks.
Using uncertified equipment: The convergence of technology and the hyper-connectivity trend in healthcare organizations make medical devices a common target for cybercriminals. When not aligned with regulatory compliance and security protocols, these devices can become an access point for cybercriminals.

#3 Top Strategies to Prevent Cyber-attacks in Hospitals and Healthcare Systems

Proactive data breach response plan: Data breaches often result in patients’ loss of trust, which eventually costs healthcare providers millions of dollars. In one of its surveys, Statista reported that the average cost of a data breach in the healthcare sector amounted to over 10 million U.S. dollars. It is possible to stop data breach attempts by taking simple precautionary steps. For instance, in the USA, HIPAA has a breach notification rule according to which physicians must notify patients and the U.S. Department of Health & Human Services (HHS) when their unsecured protected health information (PHI) is disclosed. A comprehensive data breach response plan limits the incidents of cyber-attacks and works well even in the most inevitable cyber attacks, like ransomware.

Document, review and test incident response plan: Dealing with security threats has become a mammoth task for most organizations as the threats are becoming more advanced and evolving continuously. A single line of defense is not enough to nullify these attacks; a comprehensive incident response plan is required to minimize the loss and destruction. A well-documented incident response plan that is regularly reviewed, tested, and updated can limit the number of incidents. NIST follows the most up-to-date standards and procedures to make organizations' IT infrastructure more secure by suggesting the best incident response plan. It defines the countermeasures and security policies to neutralize cyber attacks. It involves phases like planning and preparation, detection and analysis, prioritizing the incidents, containment and eradication, and recovery.

  1. Planning and preparation: In this stage, various activities are carried out: an incident response team is established, security policies are created, communication channels are streamlined, and risk assessment is done.
  2. Detection: Attack indicators and precursors are identified by reviewing logs and through a threat monitoring system.
  3. Analysis and assessment: On a day-to-day basis, the cyber security team encounters hundreds of attack indicators, and they need to identify the real threats among them. Once a threat is identified, the security team should analyze it: how it occurred, the origin of the threat, and which network or system is affected.
  4. Containment and Eradication: To reduce the impact of a cyber attack, it is necessary to contain the threat and eradicate it. All the infected systems are identified, and a containment decision is taken.
  5. Recovery: The administrator restores systems and ensures that everything is functioning well. Various steps in the recovery plan involve replacing infected files, installing patches, strengthening networks, backups, etc.

AI-driven endpoint detection and response system (EDR): Modern healthcare systems are interconnected through various devices and computers and work as a single unit. Most of these devices use wireless technology for communication and are susceptible to cyber-attacks. Endpoint security staff often struggle to investigate the cause of cyber attacks and execute remediation steps. In such a situation, AI-driven EDR solutions can accelerate threat detection. An EDR solution analyzes cyber threats in real time and automatically responds to them.

Encrypt data at rest: Hospitals’ administration should ensure that all their data are encrypted, and staff does not store them in portable devices like laptops or flash drives. If hackers steal these devices, they can use brute force attacks to access the device and infiltrate the hospital network. Hospital authorities can use various tools to encrypt the patients’ protected health information. 
Hire a chief information security officer (CISO): The role of CISO or chief information security officer is to develop and implement cybersecurity programs and policies. They look after the incident response and disaster recovery planning. They are responsible for building a strong security infrastructure by continuously monitoring the system, overseeing cybersecurity personnel, increasing cybersecurity awareness, providing training, and assessing supply chain or third-party threats. 
Modernization of healthcare systems: Healthcare organizations are more vulnerable to cyber attacks not because they are not implementing robust cybersecurity measures but because they have weak points or loopholes in their network. Regarding security, the traditional IT infrastructure has several limitations, like outdated operating systems, lack of real-time visibility, compatibility, compliances, and so on. The legacy security system is not powerful enough to secure today’s healthcare system and requires a shift to modernization. The next-generation healthcare system can automatically discover threats and monitor all the elements of cybersecurity.  
Secure the cloud: Hospitals are relying on the latest technologies, like cloud computing, to keep pace with current trends and deliver affordable services. Though cloud service providers follow best practices to secure cloud infrastructure, they are still prone to cyber-attacks. However, there are various strategies that healthcare providers can take to secure their cloud infrastructure, like using anti-malware programs, updating operating systems regularly, using two-factor authentication, setting up privacy settings, encrypting files both on the cloud and on the computer, checking systems for anomalies, and using strong passwords. An IBM report also states that organizations with a hybrid cloud model face lower data breaches compared to a public or private cloud model. So hospitals should also be strategic in adopting cloud models.
Implement Zero Trust Security Model: The zero trust security model helps organizations to optimize cyber resiliency and minimize data theft incidents. In a traditional setup, organizations use firewalls and network monitoring tools to inspect cyber threats. But there is a catch: the legacy system blocks anyone accessing the network from outside, but everyone inside the network is considered safe by default. This can be a serious problem if cybercriminals succeed in breaching the network, because they can go unidentified. Safeguarding modern healthcare systems with traditional security measures is inadequate, and the Zero Trust Security Model is an ideal way to resolve this issue. The zero trust security model allows security experts to bridge the gap in their IT infrastructure and respond to security threats proactively. It is based on three principles: data are inaccessible by default (privilege-based access), every connection in the network is verified and authorized, and the network is micro-segmented (network isolation).
Invest in hospital management software: To achieve a robust security system, multiple factors have to work together, like abiding by regulatory compliance requirements, managing internal cybersecurity policies, training staff, taking data backups, data encryption, etc. A holistic hospital management software takes care of all these activities from a single interface and supports augmenting hospitals’ cyber security.
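The three zero-trust principles listed above (default deny, verification of every connection, micro-segmentation), set against the perimeter model the article criticizes, as an added Python example that is not from the article or from any hospital product. The roles, segments, addresses and grants are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample environment; none of these values come from the article.
INTERNAL_NET = ip_network("10.20.0.0/16")

# Principle 1, default deny: only (role, action, resource type) listed here is allowed.
ROLE_GRANTS = {
    ("nurse", "read", "vitals"),
    ("physician", "read", "ehr_record"),
    ("physician", "write", "ehr_record"),
    ("billing_clerk", "read", "invoice"),
}

# Principle 3, micro-segmentation: which resource types each segment may reach.
SEGMENT_REACH = {
    "clinical_ws": {"ehr_record", "vitals"},
    "billing_ws": {"invoice"},
    "iot_devices": {"vitals"},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_passed: bool       # identity verified for this connection
    device_managed: bool   # device is enrolled and in a known state
    source_ip: str
    segment: str           # segment assigned by the (hypothetical) enforcement point
    action: str
    resource_type: str

def perimeter_allows(req: Request) -> bool:
    """Legacy model: anything already inside the network is trusted."""
    return ip_address(req.source_ip) in INTERNAL_NET

def zero_trust_decision(req: Request) -> tuple[bool, str]:
    """Evaluate every request on its own; network location is never consulted."""
    # Principle 2: verify and authorize every connection.
    if not req.mfa_passed:
        return False, "identity not verified"
    if not req.device_managed:
        return False, "unmanaged device"
    if req.resource_type not in SEGMENT_REACH.get(req.segment, set()):
        return False, "segment may not reach resource"
    if (req.role, req.action, req.resource_type) not in ROLE_GRANTS:
        return False, "no grant for role (default deny)"
    return True, "allowed"

# Constructed requests: four from inside the network, one from outside it.
SAMPLE_REQUESTS = [
    Request("dr_lee", "physician", True, True, "10.20.5.14", "clinical_ws", "read", "ehr_record"),
    Request("clerk_01", "billing_clerk", True, True, "10.20.9.30", "billing_ws", "read", "ehr_record"),
    Request("dr_lee", "physician", False, True, "10.20.5.14", "clinical_ws", "read", "ehr_record"),
    Request("nurse_07", "nurse", True, True, "10.20.5.21", "clinical_ws", "write", "ehr_record"),
    Request("dr_lee", "physician", True, True, "203.0.113.7", "clinical_ws", "read", "ehr_record"),
]

def compare(requests):
    """Return (user, perimeter verdict, zero-trust verdict, reason) per request."""
    rows = []
    for req in requests:
        allowed, reason = zero_trust_decision(req)
        rows.append((req.user, perimeter_allows(req), allowed, reason))
    return rows

if __name__ == "__main__":
    for row in compare(SAMPLE_REQUESTS):
        print(row)
```

The second, third and fourth requests pass the perimeter check only because they originate inside the network, which is the gap the paragraph describes; the last request is refused by the perimeter yet allowed under zero trust because it is verified and granted.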

#4 How Can Hospital Management Software Help the HealthCare Industry Become Resilient Against Security Violations or Data Theft?

Hospitals and healthcare centers dealing with digital records should now follow compliance standards, security measures, network controls and risk management to smoothly address privacy and cybersecurity issues. It is safe to follow the Zero Trust principle of "never trust, always verify", as defined by Forrester and NIST, says the Center for Cybersecurity. Hospital management software is a versatile tool that assists healthcare organizations with everything from patient registration to appointments and workforce management in a secured environment. The tool integrates with advanced technologies and automates several tasks that can support hospitals in protecting patients' data from cybersecurity threats.

Data storage and backup:  With hospital management software, it is easy to store and access patients’ data regardless of their size and volume. All the documents are shared and administered from a single location, reducing the risks of losing or misplacing the documents. It also offers security features like privileged access and double-factor authentication, which makes it more secure and reliable.
Regulatory compliance management: Failing to meet or update regulatory compliance requirements can make patients' data vulnerable to cyber threats. The hospital management software facilitates managing and supervising various compliance requirements automatically, ranging from HIPAA and GDPR to EO 14028 and others.
Orient security training: Many healthcare organizations are more prone to cyber threats because their staff lack security awareness and commit errors that make them susceptible to cyberattacks. The hospital management solution can assist IT experts in orienting security training programs and providing on-demand training sessions.
Third-party vendor management: Hospitals have to work with a range of third-party suppliers or vendors to carry out their routine activities. It is necessary that hospitals verify vendors that follow strong security measures and protocols to protect the data.  With so many vendors to deal with, it is difficult to keep track of vendors manually. But with hospital management software, it is easy to manage multiple vendors and see whether all vendors meet the security requirements. 
MIoT data management: As technology advances, the number of digital gateways for cybercriminals also increases.  Hospitals and healthcare organizations are adopting MIoT devices, gadgets, and other mobile health technologies to speed up hospital operations, but they hold sensitive data of patients. Since MIoT and other mobile devices cannot store enough data, healthcare organizations can transfer this data to cloud-based hospital management software. 
Reports and analytics: Reports and analytics can turn out to be a good indicator to detect any abnormalities faced by the hospitals. Users can track KPIs and other metrics live to check that hospital operations are conducted under normal circumstances and that there is no downtime. Some advanced hospital management tools give in-depth information, like who accessed data, when, and where.
Manage security at various levels: Healthcare organizations today are shifting to cloud infrastructure to reduce operating costs, manage the high volume of data, and share sensitive information like PHI. Considering the potential risks of sharing patients' sensitive data, many modern-day hospital management software products support end-to-end data encryption. Besides this, hospital management software helps to protect organizations’ resources by implementing zero trust architecture. It strictly implements role-based access regardless of physical location, network location, or asset ownership.

What’s Next?

The healthcare industry and hospitals have gone through unprecedented changes in their operation, but cybercriminals are continuously innovating their strategies and using novel techniques to target hospitals’ data and resources. With the threats continuing to evolve and nearly everything being connected digitally, it is necessary that the healthcare industry strengthen its IT infrastructure and redefine its cybersecurity strategies. Interestingly, the global healthcare cybersecurity market is indicated to touch USD 35.3 Billion by 2028. Along with following regulations and compliance requirements and having an incident response team, hospitals should invest in advanced technologies and software solutions that can predict, alert and help in combating modern cyber attacks, and build resilience to them.

Jason Adams

Jason Adams is a content writer with a keen interest in continuing to learn and develop his research abilities. An avid reader with an eye toward growth, he is associated with GoodFirms, a frontline and evolving reviews and rating platform.
