The health care industry is being targeted by cyberthreats at an increasingly alarming rate. Once outpaced significantly in terms of breaches and malicious attacks by other sectors such as financial and retail, health care is no longer on the sidelines. Bringing them front and center are five of the eight largest security breaches that have affected this industry in the last five years. According to IBM X-Force Interactive Security Incidents data from Jan. 1, 2015 to Oct. 31, 2015, all five occurred in the first half of 2015, with almost 100,000,000 health care records compromised.

The Crown Jewel of the Health Care Industry: PHI

Why has the health care industry become a popular target? The answer is in the data. Health care’s crown jewel, protected health information (PHI), has an excellent resale value on the black market. The Health Insurance Portability and Accountability Act (HIPAA) introduced PHI as a term to represent an individual’s medical records and health information. Another frequently used term in the health care arena is electronic health record (EHR), which is a record containing PHI. In addition to medical information, EHRs could also contain email addresses, Social Security numbers, and banking and employment information.

Consequences of compromised PHI are multilayered. Aside from the significant costs to the breached health care organization, the customers of the targeted company face a plethora of potential hardships and costs. This significant cost to the individual victim translates to damaged reputation for the targeted health institution. According to the Ponemon Institute’s “2015 Cost of Data Breach Study,” health and pharmaceutical companies experience higher customer churn following a data breach over other industries in similar predicaments.

Read the complete research report: Security trends in the healthcare industry



IBM MSS Data Reveals Health Care’s Achilles’ Heel

IBM Managed Security Services continuously monitors billions of events per year, as reported by more than 8,000 client devices in over 100 countries. Analysis of data collected from Jan. 1, 2014 through Oct. 31, 2015 reveals some interesting finds regarding the types of attacks targeting the health care industry.

Malicious Documents and Sites

Getting a victim to open a malicious document or to click on a link that leads to a malicious site are proving to be successful attack methods against the health care industry, with delivery of a malicious document appearing to be preferred over a malicious link.


A threat game changer for 2014, Shellshock is well-documented in the IBM 2015 Cyber Security Intelligence Index. This malware-less attack vector that takes advantage of a vulnerability in the GNU Bash shell remains a significant and persistent threat.

Brute-Force Attacks

Attackers use an automated, repetitive method of trial and error to crack an individual’s username and password to gain access to administrator accounts or applications that store data on a Web application or Web-facing server. Once in, attackers can inject malware that can potentially get them further into the target health care organization’s network.

Older and Nonsanctioned Applications

Hospital organizations running earlier versions of Internet Explorer run the risk of an attacker using VBScript to execute arbitrary code on a vulnerable system. IBM MSS found that many health care company employees utilize a number of applications that may or may not be officially sanctioned by the organization, making it difficult to bring those systems into the security fold — and presenting an attacker with an additional attack vector.

Make Cybersecurity a Business Priority

One of the major challenges that health care faces is being able to address cyber risk in order to direct information technology investment and resources, especially as organizations address security of the data and technologies. Health care organizations are feeling this more acutely than most sectors due to the sensitivity, volume and velocity of the data in transit and traveling through their networks.

Cybercriminals see this as a rich environment for stealing data. The ability of attackers to do harm that is of immediate consequence, physically or financially, speaks volumes of the need for the health care industry to address issues and focus investments quickly.

Daunting as these security challenges may seem, health care organizations that are making a concerted effort to put cybersecurity at the forefront of their priorities are in a strong position to prevent compromise. Complying with the many regulatory health care requirements is a good start, but it’s not enough to thwart today’s attacks and keep organizations out of the breach spotlight. More has to be done to strengthen the overall security posture across all health care entities, from hospitals to smaller practices and device manufacturers, to ensure the protection of PHI. The only way to do this is to make cybersecurity a business priority.

Read the IBM X-Force research report: Security trends in the healthcare industry

More from Data Protection

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…

The Digital World is Changing Fast: Data Discovery Can Help

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread across multiple locations and formats and can be challenging to find and classify. Organizations need a modern data discovery and classification solution to identify sensitive data across physical, virtual and public clouds. The Current State of Sensitive Data Discovery and…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…