According to the Ponemon Institute’s “2016 Cost of Data Breach Study,” a stolen health care record cost the average business $355 in 2016. That’s more than twice the mean cost of $158 across all industries. It’s safe to say, then, that this cost will continue to rise in the health care industry as the threat of ransomware rapidly increases.

In a notable example from 2016, cybercriminals attempted to extort a hospital for $3.6 million. The victimized organization ended up paying a smaller amount, but the incident showed that hospitals are popular targets for ransomware-wielding fraudsters.

IBM Report Reveals Top Health Care Hazards

Insider threats, both malicious and inadvertent, also continue to plague health care organizations. According to IBM Managed Security Services (MSS) data, insiders were responsible for 68 percent of all network attacks targeting health care data in 2016. Almost two-thirds of those attacks originated from unwitting parties who may have fallen victim to phishing scams or misconfigured servers.

Ransomware attacks and insiders aren’t the only threats to the health care sector. Risks can also materialize through indirect events such as third-party electronic health record (EHR) vendor breaches. In 2015, for example, a health care software company revealed that cybercriminals had stolen data belonging to almost 4 million patients.

The new IBM report on the MSS data revealed that 48 percent of attacks use malicious data input to control or disrupt a target system’s behavior. This represents the No. 1 attack vector threatening health care data.

Fortify Your Security Immune System

Despite being under constant pressure to lower the cost of health care to consumers, medical organizations simply cannot afford to risk multimillion dollar losses by shirking cybersecurity. That’s why healthy security is just what the doctor ordered.

Attacks against health care organizations will only multiply as the black market value of medical records packaged into full individual profiles continues to rise in 2017. Now, more than ever, organizations must address the urgent need to transform a point product-based set of security solutions into an integrated security immune system. You can learn more by reading the IBM report “Security Trends in the Health Care Industry.”

Download the report now

More from Healthcare

Cost of a data breach 2023: Healthcare industry impacts

3 min read - Data breaches are becoming more costly across all industries, with healthcare in the lead. The 2023 Cost of a Data Breach Report analyzes data collected from March 2022 to March 2023. Healthcare remains a top target for online criminal groups. These data breach costs are the highest of any industry and have increased for the 13th consecutive year. Healthcare is a highly regulated industry that the U.S. government considers critical infrastructure. As such, recent federal privacy standards, security standards and…

Cyberattackers target the Latin American health care sector

3 min read - Cyberattacks on the healthcare sector are a growing threat in Latin America, and the large amount of confidential data these organizations handle makes these attacks a top concern. The value of healthcare data in the illegal market, such as the personal, medical and financial information of patients and healthcare companies, creates an appealing target for threat actors. This can have serious consequences for the privacy and information security of these organizations. Cyberattacks could lead to reputational risks, interruption of operations,…

Increasingly sophisticated cyberattacks target healthcare

4 min read - It’s rare to see 100% agreement on a survey. But Porter Research found consensus from business leaders across the provider, payer and pharmaceutical/life sciences industries. Every single person agreed that “growing hacker sophistication” is the primary driver behind the increase in ransomware attacks. In response to the findings, the American Hospital Association told Porter Research, “Not only are cyber criminals more organized than they were in the past, but they are often more skilled and sophisticated.” Although not unanimous, the…

Reporting healthcare cyber incidents under new CIRCIA rules

4 min read - Numerous high-profile cybersecurity events in recent years, such as the Colonial Pipeline and SolarWinds attacks, spurred the US government to implement new legislation. In response to the growing threat, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) in March 2022. While the law has passed, many healthcare organizations remain uncertain about how it will directly affect them. If your organization has questions about what steps to take and what the law means for your…