May 1, 2023 By Jennifer Gregory 3 min read

Reporting on cybersecurity issues tends to focus on the results of a breach. However, the most important takeaway is how an event happened in the first place. By understanding the incident’s cause and the direction of cyber crime trends, healthcare organizations can more effectively protect their data, their infrastructure and their reputation.

Theft and unauthorized access to financial assets often make headlines because they’re dramatic. But the hacking of healthcare systems is now a top concern, and healthcare organizations must proactively protect themselves against these attacks.

Has healthcare finally reached a plateau in terms of the number of breaches the industry experiences? After a 250% rise in breach numbers from 2011 to 2021, the Fortified Health Security 2023 Horizon Report revealed that the number of breaches did decrease slightly in 2022. However, according to the IBM 2022 Cost of a Data Breach report, the healthcare industry is still the costliest industry for a breach — at $10.1 million on average — for the twelfth year in a row.

Hacking is now the biggest threat to healthcare

Although breach numbers are trending downward, hacking remains a pressing concern. Fortified Health found that 78% of data breaches in 2022 were from hacking and IT incidents, an increase from 45% in 2018. Unauthorized access — the second leading cause — accounted for 38% of incidents in 2018 and is now responsible for only 16%. Other causes noted were theft, loss and improper data disposal.

Hacking isn’t a single type of threat. It is the act of compromising something — a device, a network, a database. Hacking encompasses many different ways in which cyber criminals gain access to infrastructure, data and devices. Press releases regarding incidents typically focus on the type of attack, not how it actually happened. This shifts the focus away from the information that can better protect organizations in the future.

Each time someone falls prey to social engineering that allows unauthorized access, hacking is what sets up the scheme. Every virus or malware falls under the umbrella of hacking; even ransomware is a form of hacking. And while hacking makes many of us envision someone acting alone in their basement lair, modern malicious actors are highly sophisticated and a major threat to healthcare and other organizations.

Cyber criminals specifically targeting healthcare

Attackers often set their sights on healthcare organizations because breaches and incidents have a high impact. Because healthcare is an essential service, organizations are more likely to pay ransoms to provide continuous care when business disruptions can have devastating consequences. Additionally, healthcare organizations possess high-value data, such as personal and financial information. Attackers can often resell records for high prices on the dark web.

Healthcare also offers a tempting target because many providers and organizations have legacy infrastructure and hardware. The lack of modern infrastructure and disjointed systems make it very challenging to protect against cyber threats. Attacks often go undetected for longer periods of time than in other industries because the silos and multiple systems — often on-premises — make it hard to spot suspicious activity.

Reducing the risk of hacking

Healthcare organizations must proactively take steps to reduce hacking. Here are ways to lower risk at both large and small organizations:

  • Ensure all devices follow best security practices. Many healthcare organizations are increasingly using mobile devices for patient care and communication. Require employees to use strong passwords and keep all software updated on the devices.
  • Provide training to employees and contractors. With temporary employees often working in healthcare, you must be extra vigilant about making sure that everyone accessing the network receives training on best practices. Spotting phishing attacks and knowing the steps to take if you fall victim are especially important skills.
  • Use microsegmentation as a part of your zero trust model. Microsegmentation limits each employee's access to the smallest part of the network that they need to do their job, which reduces risk, especially from social engineering and malware attacks. If an attacker breaches your organization, the cyber criminals can access or damage only a very small part of the network.
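
To make the microsegmentation point concrete, the following added illustration (not part of the original article) compares how many systems are exposed after one device is compromised on a flat network versus a default-deny, segmented one. All host names, segment names and allowed flows are constructed for the example.

```python
from collections import deque

# Constructed sample inventory: host -> segment (hypothetical names).
HOSTS = {
    "nurse-tablet-07": "clinical-mobile",
    "ehr-app-01": "ehr-app",
    "ehr-db-01": "ehr-db",
    "pacs-01": "imaging",
    "infusion-pump-12": "medical-iot",
    "pump-gateway-01": "iot-gateway",
    "billing-db-01": "billing",
}

# Microsegmented policy: default deny, only these segment-to-segment flows pass.
ALLOWED_FLOWS = {
    ("clinical-mobile", "ehr-app"),
    ("ehr-app", "ehr-db"),
    ("medical-iot", "iot-gateway"),
    ("iot-gateway", "ehr-app"),
}

def flat_allowed(src, dst):
    """Flat network: any host may connect to any other host."""
    return src != dst

def segmented_allowed(src, dst):
    """Segmented network: a flow passes only if its segment pair is listed."""
    return (HOSTS[src], HOSTS[dst]) in ALLOWED_FLOWS

def blast_radius(start, allowed):
    """Worst case: every host reachable from `start` by chaining permitted flows."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in HOSTS:
            if nxt not in seen and allowed(cur, nxt):
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

if __name__ == "__main__":
    for host in ("nurse-tablet-07", "infusion-pump-12"):
        flat = blast_radius(host, flat_allowed)
        seg = blast_radius(host, segmented_allowed)
        print(f"{host}: flat exposes {len(flat)} hosts, segmented exposes {sorted(seg)}")
```

Running the same calculation against a real flow allow-list is a quick way to find rules that quietly reconnect segments that were meant to be isolated.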

Hacking is not a new threat to healthcare. But with the increased use of devices and remote work, the opportunities for hacking are higher than ever. By understanding your vulnerabilities and taking proactive action, you can reduce your risks of being hacked.
