The health care industry is being targeted by cyberthreats at an increasingly alarming rate. Once outpaced significantly in terms of breaches and malicious attacks by other sectors such as financial and retail, health care is no longer on the sidelines. Bringing it front and center are five of the eight largest security breaches that have affected this industry in the last five years. According to IBM X-Force Interactive Security Incidents data from Jan. 1, 2015 to Oct. 31, 2015, all five occurred in the first half of 2015, with almost 100,000,000 health care records compromised.

The Crown Jewel of the Health Care Industry: PHI

Why has the health care industry become a popular target? The answer is in the data. Health care’s crown jewel, protected health information (PHI), has an excellent resale value on the black market. The Health Insurance Portability and Accountability Act (HIPAA) introduced PHI as a term to represent an individual’s medical records and health information. Another frequently used term in the health care arena is electronic health record (EHR), which is a record containing PHI. In addition to medical information, EHRs could also contain email addresses, Social Security numbers, and banking and employment information.

The consequences of compromised PHI are multilayered. Aside from the significant costs to the breached health care organization, the customers of the targeted company face a plethora of potential hardships and costs. This significant cost to the individual victim translates into a damaged reputation for the targeted health institution. According to the Ponemon Institute’s “2015 Cost of Data Breach Study,” health and pharmaceutical companies experience higher customer churn following a data breach than other industries in similar predicaments.

IBM MSS Data Reveals Health Care’s Achilles’ Heel

IBM Managed Security Services continuously monitors billions of events per year, as reported by more than 8,000 client devices in over 100 countries. Analysis of data collected from Jan. 1, 2014 through Oct. 31, 2015 reveals some interesting finds regarding the types of attacks targeting the health care industry.

Malicious Documents and Sites

Getting a victim to open a malicious document and getting a victim to click on a link that leads to a malicious site are both proving to be successful attack methods against the health care industry, with delivery of a malicious document appearing to be preferred over a malicious link.


Shellshock

A threat game changer for 2014, Shellshock is well-documented in the IBM 2015 Cyber Security Intelligence Index. This malware-less attack vector, which takes advantage of a vulnerability in the GNU Bash shell, remains a significant and persistent threat.

Brute-Force Attacks

Attackers use an automated, repetitive method of trial and error to crack an individual’s username and password to gain access to administrator accounts or applications that store data on a Web application or Web-facing server. Once in, attackers can inject malware that can potentially get them further into the target health care organization’s network.
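
The trial-and-error pattern described above leaves a recognizable trace in authentication logs: a burst of failures for one account from one source, sometimes ending in a success. The following detection sketch is an added example, not part of the IBM report; the log format, the window and threshold values, and the sample events are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (assumed format): timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2015-06-01T02:00:00 203.0.113.7 admin FAIL
2015-06-01T02:00:05 203.0.113.7 admin FAIL
2015-06-01T02:00:10 203.0.113.7 admin FAIL
2015-06-01T02:00:15 203.0.113.7 admin FAIL
2015-06-01T02:00:20 203.0.113.7 admin OK
2015-06-01T08:00:00 198.51.100.20 nurse1 FAIL
2015-06-01T08:00:20 198.51.100.20 nurse1 OK
2015-06-01T09:00:00 192.0.2.9 admin FAIL
2015-06-01T09:10:00 192.0.2.9 admin FAIL
2015-06-01T09:20:00 192.0.2.9 admin FAIL
2015-06-01T09:30:00 192.0.2.9 admin FAIL
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window
THRESHOLD = 4                  # assumed number of failures in WINDOW that counts as a burst

def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (kind, source_ip, account, timestamp) tuples."""
    failures = defaultdict(deque)  # (ip, account) -> timestamps of recent failures
    alerted = set()                # keys already reported for the current burst
    alerts = []
    for line in log_text.strip().splitlines():
        ts_text, ip, user, outcome = line.split()
        ts = datetime.fromisoformat(ts_text)
        key = (ip, user)
        recent = failures[key]
        # Drop failures that have aged out of the sliding window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if outcome == "FAIL":
            recent.append(ts)
            if len(recent) >= threshold and key not in alerted:
                alerted.add(key)
                alerts.append(("brute_force", ip, user, ts))
        elif outcome == "OK":
            # A success right after a burst suggests the guessing worked.
            if len(recent) >= threshold:
                alerts.append(("success_after_burst", ip, user, ts))
            recent.clear()
            alerted.discard(key)
    return alerts
```

A single mistyped password (the `nurse1` events) and failures spread over a long period (the `192.0.2.9` events) stay below the threshold; the latter shows why slow guessing needs a longer window or a separate per-account counter.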

Older and Nonsanctioned Applications

Hospital organizations running earlier versions of Internet Explorer run the risk of an attacker using VBScript to execute arbitrary code on a vulnerable system. IBM MSS found that many health care company employees utilize a number of applications that may or may not be officially sanctioned by the organization, making it difficult to bring those systems into the security fold — and presenting an attacker with an additional attack vector.

Make Cybersecurity a Business Priority

One of the major challenges health care faces is addressing cyber risk in a way that directs information technology investment and resources, especially as organizations address the security of their data and technologies. Health care organizations feel this more acutely than most sectors because of the sensitivity, volume and velocity of the data traveling through their networks.

Cybercriminals see this as a rich environment for stealing data. The ability of attackers to do harm that is of immediate consequence, physically or financially, speaks volumes about the need for the health care industry to address issues and focus investments quickly.

Daunting as these security challenges may seem, health care organizations that are making a concerted effort to put cybersecurity at the forefront of their priorities are in a strong position to prevent compromise. Complying with the many regulatory health care requirements is a good start, but it’s not enough to thwart today’s attacks and keep organizations out of the breach spotlight. More has to be done to strengthen the overall security posture across all health care entities, from hospitals to smaller practices and device manufacturers, to ensure the protection of PHI. The only way to do this is to make cybersecurity a business priority.

Read the IBM X-Force research report: Security trends in the healthcare industry
