Cyberattacks have become ubiquitous, and while they hit many industries, did you know that healthcare tops ALL industries, when it comes to money lost in data breaches?
Between 2022 and 2023, healthcare industry losses from data breaches increased by over 8 percent, going from $10 million to $11 million, twice as much as the second-most breached industry. And over the past three years, the average cost of a data breach in healthcare grew by over 50 percent.
As an employee in the healthcare technology sector, I’m inundated by news of cyberattacks and their implications, but never more than recently.
In June, I went on new parent leave from work for over a month. When I returned just two weeks ago, I had hundreds of unread emails and news alerts to catch up on, but the issue of data breaches stood out. Here’s just a taste of what I came back to:
- 1.7 million Oregon Health Plan members affected by a coordinated data hack that compromised their private member data.
- A ransomware attack affecting facilities in a 16-hospital system with facilities located around the country. ED services, elective surgeries, urgent care, wound healing, and several other specialties all shut down.
- A sizable, national healthcare facilities operator facing its fifth patient lawsuit related to a July data breach that compromised information of 11 million patients from 171 hospitals across 19 states.
- A data security “incident” at hospitals and clinics operated in California, Texas, Connecticut, Rhode Island, and Pennsylvania, causing suspension of elective surgeries, outpatient appointments, and primary care services.
- One of Florida’s largest hospitals hit by three weeklong hacks that obtained personal data of 1.2 million patients, including names, addresses, phone numbers, birthdates, Social Security numbers, health insurance information, and medical record numbers.
This is not just a patient privacy issue or a health plan/system financial issue. It’s also a patient safety issue, especially when medical facilities are forced to delay treatments and divert ambulances.
Fallout from a cyberattack on one hospital or system often has a ripple effect, causing adjacent facilities to see an uptick in ambulances arriving, patient volume, and wait times to receive care.
In fact, the number of scenarios in which a patient left these adjacent facilities without even being seen by a doctor was shown to have risen by an overwhelming 127 percent!
Additionally, healthcare organizations often report increased patient mortality rates, poor patient outcomes, and complications from medical procedures after experiencing a data breach.
In short, healthcare is a leading target for cyberattacks because it has numerous virtual vulnerabilities that, according to an FBI cybersecurity specialist, are nearly impossible to fully eliminate.
For instance, healthcare providers are a prime target for cyber criminals because they retain tons of sensitive patient data, like healthcare histories, payment information, and even detailed research data that can be obtained digitally and held for ransom.
This dilemma is compounded by several additional factors, including: a) private patient information is worth a lot of money on the black market; b) the medical industry’s urgent nature lends itself to open and shareable healthcare information; and c) medical technology is constantly becoming outdated, making it an easy entry point for hackers while leaving the industry unprepared for attacks, even with safeguards in place.
Meanwhile, the feds aren’t much help in this area. Aside from setting cybersecurity standards for medical devices and introducing legislation to mandate cybersecurity minimums for hospitals, government regulation is quite sparse.
So, here’s my call to action – we should focus more attention on the cyberattacks bludgeoning this industry and how prevalent they are. We should all be increasingly vigilant, regardless of the role we play in the industry, because this a crisis that can easily affect any of us.