Email Security

    Healthcare Cyber Threats: A Code Blue Emergency

    The healthcare industry is struggling to keep pace with an epidemic of cyber threats

    by Elliot Kass

    Key Points

    • Healthcare organizations are among the most targeted by cybercriminals because they collect so much high-value data.
    • Three out of four healthcare respondents say it’s likely that their organization will be damaged by an email-borne attack.
    • Efforts to counter this onslaught are lagging, although some steps are being taken to improve cyber preparedness.

    A High-Profile Target

    Healthcare organizations are among the most targeted by cybercriminals due to the vast troves of high-value data they collect. Compared to stolen credit card numbers, pilfered health records can sell for 10 times as much or more on the dark web. That’s because, in addition to credit card and bank account numbers, these records often include protected health information (PHI), Social Security numbers, and other personally identifiable information (PII), which can be used for blackmail and identity theft. Other files containing proprietary medical research are also coveted by thieves, who then sell them on the black market.

    The industry, moreover, generates a staggering amount of data. A single hospital can produce as much as 50 petabytes per year, an incredibly large volume of information to store and protect [1].

    As a result, the cost of a data breach is higher for the healthcare sector than for any other industry. The average cost for a healthcare industry intrusion was more than twice the overall average, at $10.93 million — an amount that has risen 53.3% over the past three years. It also takes longer for the healthcare sector to detect a breach — 231 days on average, compared to 204 days for all other industries combined.

    According to the same source, phishing emails were the most common source of attack, accounting for 16% of the incidents that took place among healthcare providers. But ransomware is also a major threat to the industry.

    Lack of Preparedness

    The consequences of these attacks are compounded by the healthcare industry’s lack of cyber vigilance. The sector also spends less on cybersecurity than other industries. The silver lining here is that the healthcare CISOs and other IT execs interviewed recognize that this is a problem: When asked how much of their organization’s IT budget should be allocated to data security, well over half said that the amount ought to be increased by an average of 12%.

    In the U.S., at least, the government is also stepping in to help the sector improve its security posture. In 2023, the U.S. Department of Health and Human Services Cybersecurity Taskforce launched a free program to provide resources and training to help counter the onslaught of cyberthreats the industry faces [2].

    The Bottom Line

    Cyberattacks against healthcare institutions continue to proliferate, even as the consequences of such attacks grow more dire. The industry, meanwhile, is struggling to keep pace with this scourge, although some efforts are underway to bolster the sector’s cyber resiliency.


     

    1 “4 ways data is improving healthcare,” World Economic Forum

    2 “HHS Cybersecurity Task Force Provides New Resources to Help Address Rising Threat of Cyberattacks in Health and Public Health Sector,” U.S. Department of Health and Human Services 

     
