Reporting on cybersecurity issues tends to focus on the results of a breach. However, the most important takeaway is how an event happened in the first place. By understanding the incident’s cause and the direction of cyber crime trends, healthcare organizations can more effectively protect their data, their infrastructure and their reputation.

Theft and unauthorized access to financial assets often make headlines because they’re dramatic. But the hacking of healthcare systems is now a top concern, and healthcare organizations must proactively protect themselves against these attacks.

Has healthcare finally reached a plateau in terms of the number of breaches the industry experiences? After a 250% rise in breach numbers from 2011 to 2021, the Fortified Health Security 2023 Horizon Report revealed that the number of breaches did decrease slightly in 2022. However, according to the IBM 2022 Cost of a Data Breach report, the healthcare industry is still the costliest industry for a breach —  at $10.1 million on average — for the twelfth year in a row.

Hacking is Now the Biggest Threat to Healthcare

Despite breaches on the downward trend, hacking remains a pressing concern. Fortified Health found that 78% of data breaches in 2022 were from hacking and IT incidents, an increase from 45% in 2018. Unauthorized access — the second leading cause — accounted for 38% of incidents in 2018 and now is only responsible for 16%. Other causes noted were theft, loss and improper data disposal.

Hacking isn’t a single type of threat. It is the act of compromising something — a device, a network, a database. Hacking encompasses many different ways in which cyber criminals gain access to infrastructure, data and devices. Press releases regarding incidents typically focus on the type of attack, not how it actually happened. This causes the focus on hacking to veer away from the information which can better protect organizations in the future.

Each time someone falls prey to social engineering that allows unauthorized access, hacking is what sets up the scheme. Every virus or malware falls under the umbrella of hacking; even ransomware is a form of hacking. And while hacking makes many of us envision someone acting alone in their basement lair, modern malicious actors are highly sophisticated and a major threat to healthcare and other organizations.

Cyber Criminals Specifically Targeting Healthcare

Attackers often set their sights on healthcare organizations because breaches and incidents have a high impact. Because healthcare is an essential service, organizations are more likely to pay ransoms to provide continuous care when business disruptions can have devastating consequences. Additionally, healthcare organizations possess high-value data, such as personal and financial information. Attackers can often resell records for high prices on the dark web.

Healthcare also offers a tempting target because many providers and organizations have legacy infrastructure and hardware. The lack of modern infrastructure and disjoined systems make it very challenging to protect against cyber threats. Attacks often go undetected for longer periods of time than other industries because the silos and multiple systems — often on-premise — make it hard to spot suspicious activity.

Reducing the Risk of Hacking

Healthcare organizations must proactively take steps to reduce hacking. Here are ways to lower risk at both large and small organizations:

  • Ensure all devices follow best security practices. Many healthcare organizations are increasingly using mobile devices for patient care and communication. Require employees to use strong passwords and keep all software updated on the devices.
  • Provide training to employees and contractors. With temporary employees often working in healthcare, you must be extra vigilant about making sure that everyone accessing the network receives training on best practices. Spotting phishing attacks and knowing the steps to take if you fall victim are especially important skills.
  • Use microsegmentation as a part of your zero trust model. By making sure that employees only have the access that they need to do their job by only providing access to the smallest possible part with microsegmentation, you can reduce risk, especially of social engineering and malware attacks. If an attacker breaches your organization, then the cyber criminals only gained access or damaged a very small part of the network.

Hacking is not a new threat to healthcare. But with the increased use of devices and remote work, the opportunities for hacking are higher than ever. By understanding your vulnerabilities and taking proactive action, you can reduce your risks of being hacked.

More from News

Zombie APIs are a Top Security Concern as API Attacks Surge 400%

4 min read - Organizations of all sizes rely on application programming interfaces (APIs). The API explosion has been driven by several factors, including cloud computing, demand for mobile/web applications, microservices architecture and the API economy as a business model. APIs enable developers to access data remotely, integrate with other services, build modular applications and monetize their data/services. For enterprises that participated in a recent research study, the average number of APIs per organization was 15,564. Large enterprises (over 10,000 employees) had an average…

4 min read

Google’s Bug Bounty Hits $12 Million: What About the Risks?

4 min read - Bug bounty numbers have never been better. In 2022, Google rewarded the efforts of over 700 researchers from 68 different countries who helped improve the security of the company’s products and services. The total amount of awards grew from $8.7 million paid in 2021 to $12 million in 2022, a nearly 38% increase. Over the past few years, bug bounty programs have gained significant traction. Companies have been lured in by the potential to identify vulnerabilities quickly, enhance product security…

4 min read

Swiss Army Knife Malware Slices Through Systems In so Many Ways

4 min read - What if one single malware strain could cut through any security that tried to stop it? In a new study of more than 550,000 live malware strains, the Picus Red Report 2023 has unveiled a trove of over 5 million malicious activities. In the report, researchers identified the top tactics utilized by cyber criminals in 2022. Picus' findings also highlighted the growing prevalence of "Swiss Army knife malware". This type of malicious software is capable of executing a range of…

4 min read

Will Threat Actors Face Layoffs in 2023?

2 min read - You can’t look at the news these days without reading about layoffs in the technology sector. Roger Lee, founder of told that more than 120,000 tech employees lost their jobs in 2023 as of Feb 27, compared to 161,411 in all of 2022. However, all layoffs aren’t bad news. Most people don’t think of criminals losing their jobs. But if the criminal activity isn’t making money, then it makes no sense to continue. And that is happening in…

2 min read