Health Care Data at Growing Risk From Ransomware, Insiders and Third-Party Breaches

According to the Ponemon Institute’s “2016 Cost of Data Breach Study,” a stolen health care record cost the average business $355 in 2016. That’s more than twice the mean cost of $158 across all industries. It’s safe to say, then, that this cost will continue to rise in the health care industry as the threat of ransomware rapidly increases.

In a notable example from 2016, cybercriminals attempted to extort a hospital for $3.6 million. The victimized organization ended up paying a smaller amount, but the incident showed that hospitals are popular targets for ransomware-wielding fraudsters.

IBM Report Reveals Top Health Care Hazards

Insider threats, both malicious and inadvertent, also continue to plague health care organizations. According to IBM Managed Security Services (MSS) data, insiders were responsible for 68 percent of all network attacks targeting health care data in 2016. Almost two-thirds of those attacks originated from unwitting parties who may have fallen victim to phishing scams or misconfigured servers.

Ransomware attacks and insiders aren’t the only threats to the health care sector. Risks can also materialize through indirect events such as third-party electronic health record (EHR) vendor breaches. In 2015, for example, a health care software company revealed that cybercriminals had stolen data belonging to almost 4 million patients.

The new IBM report on the MSS data revealed that 48 percent of attacks use malicious data input to control or disrupt a target system’s behavior. This represents the No. 1 attack vector threatening health care data.

Fortify Your Security Immune System

Despite being under constant pressure to lower the cost of health care to consumers, medical organizations simply cannot afford to risk multimillion dollar losses by shirking cybersecurity. That’s why healthy security is just what the doctor ordered.

Attacks against health care organizations will only multiply as the black market value of medical records packaged into full individual profiles continues to rise in 2017. Now, more than ever, organizations must address the urgent need to transform a point product-based set of security solutions into an integrated security immune system. You can learn more by reading the IBM report “Security Trends in the Health Care Industry.”

Download the report now

Share this Article:
Michelle Alvarez

Threat Researcher and Editor, IBM Managed Security Services

Michelle Alvarez is a Threat Researcher and Editor for IBM's Managed Security Services; she brings more than 10 years of industry experience to her role. In this role she focuses communications efforts around threat research and mitigation. Michelle joined IBM through the Internet Security Services (ISS) acquisition, where she served as an Analyst on the X-Force Vulnerability Database Team.