Cyberattacks in the Healthcare Industry: An Overview

Gone are the days when doctors and nurses would open a filing cabinet to get important information about a patient. Nowadays, digitizing files in hospitals and other healthcare organizations makes things more efficient and convenient and helps improve patient care. 

However, this convenience also brings challenges, particularly in the form of cyberattacks. This blog will explore key aspects of healthcare cybersecurity, including statistics, threats, and preventive measures to take, such as online HIPAA training, to stay compliant and keep patient data safe.  

What Are Common Healthcare Cyberattacks? 

Cybercriminals use many methods to exploit vulnerabilities in the healthcare sector, posing significant threats to protected health information (PHI) and overall cybersecurity. Some cybersecurity threats to healthcare include:

• Ransomware Attacks: When malicious software encrypts a healthcare organization's files, demanding payment for their release
• Phishing Schemes: Involves deceptive emails or messages to trick individuals into revealing sensitive information, often targeting healthcare employees with access to valuable data
• Credential Theft: Where login credentials are stolen to gain access to an online account or system
• Malware Attacks: Uses harmful software like viruses, trojans, and ransomware to exploit vulnerabilities through methods such as infected email attachments, compromised websites, or software vulnerabilities 

Cybersecurity Healthcare Statistics 

In the first half of 2023 alone, the U.S. Department of Health and Human Services’ Office for Civil Rights received reports of over 327 reported healthcare data breaches, a 104% increase from 2022. These cyberattacks impacted the data of over 40 million individual patients, marking a 60% increase compared to the previous year. 

Notably, the breaches in 2023 included five instances involving at least 3 million records each, surpassing the scale of previous years. The report also highlights a bigger risk for healthcare business associates, accounting for 14% of all reported breaches and experiencing a 273% increase compared to the same period in 2022. 

Why Healthcare Is a Target for Cyberattacks 

Healthcare organizations are prime targets for cyberattacks due to several factors:

• Valuable Patient Data: Electronic Health Records (EHRs) contain sensitive information, including Social Security numbers, insurance details, and medical histories, which are lucrative on the black market. 
• Outdated Systems: Many healthcare facilities operate on legacy systems that lack current security updates, making them vulnerable to exploits like EternalBlue, which was used in the WannaCry attack. 
• Operational Imperatives: The critical nature of healthcare services means that organizations are more likely to pay ransoms quickly to restore operations, making them attractive targets for ransomware attacks. 
• Complex Networks: The integration of various devices and systems, including IoT medical devices, expands the attack surface, providing more entry points for cybercriminals. 

Real-Life Examples of Cyberattacks in Healthcare 

Cyberattacks on patient data and confidentiality can have devastating consequences, compromising sensitive information and impacting individuals and healthcare providers. Such incidents highlight the importance of cybersecurity for healthcare organizations and the need to take proactive steps to protect sensitive patient data. 

Here are recent real-world incidents that demonstrate the impact of cyberattacks on patient care: 

1. WannaCry Ransomware Attack (2017) 

In May 2017, the WannaCry ransomware attack exploited a vulnerability in outdated Windows systems, rapidly spreading across 150 countries and infecting over 200,000 computers. 

The U.K.'s National Health Service (NHS) was particularly affected, with up to 70,000 devices—including MRI scanners and blood-storage refrigerators—impacted. This led to the cancellation of approximately 13,500 outpatient appointments and a significant disruption in services, costing the NHS an estimated £92 million (~$117 million). 

2. Universal Health Services Breach (2020)

In September 2020, Universal Health Services (UHS), operating over 400 healthcare facilities in the U.S. and U.K., suffered a ransomware attack that forced the shutdown of its IT systems. The breach led to the diversion of ambulances, cancellation of surgeries, and staff resorting to manual documentation. UHS reported a pre-tax loss of approximately $67 million due to the incident. 

3. Fortra GoAnywhere Data Breach (2023)

In January 2023, Fortra's GoAnywhere Managed File Transfer software was exploited by cybercriminals, leading to unauthorized access to the personal and healthcare information of approximately five million individuals. 

The breach affected several healthcare organizations, including Aetna, Brightline, and Community Health. A $20 million class action settlement was reached, allowing affected individuals to claim up to $5,000 for documented losses or approximately $85 without proof of losses. Additionally, all claimants were offered dark web monitoring services. 

4. 23andMe Data Breach (2023) 

In October 2023, genetic testing company 23andMe experienced a data breach that exposed sensitive personal and genetic information of approximately 6.9 million users. The breach was carried out through credential stuffing attacks, exploiting reused usernames and passwords from previous data leaks. 

The compromised data included names, birth years, locations, genetic ancestry results, and health-related information. The incident raised significant privacy concerns and led to class-action lawsuits against the company.

5. Change Healthcare Ransomware Attack (2024) 

In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group, suffered a major ransomware attack that disrupted healthcare operations across the U.S. The attack compromised the sensitive data of approximately 190 million individuals, including health insurance details, general health data, and billing information. 

The breach was attributed to the ALPHV/Blackcat ransomware group, which exploited compromised credentials lacking multifactor authentication. UnitedHealth Group paid a $22 million ransom in response to the attack. 

The incident led to significant operational disruptions, with electronic payments and medical claims processing halted, forcing patients to pay out of pocket and causing revenue losses for healthcare providers. 

Healthcare Cybersecurity Best Practices for Hospitals 

Healthcare organizations can strengthen their digital defenses by implementing several basic cybersecurity measures. Some best practices include:

• Data Encryption: Encrypt sensitive patient data to protect it from unauthorized access, especially during data transmission and storage.
• Regular Software Updates: Keep all software, including operating systems and applications, up to date with the latest security patches to address vulnerabilities.
• Firewall Protection: Use firewalls to monitor and control incoming and outgoing network traffic, preventing unauthorized access and potential cyber threats.
• Incident Response Plan: Develop and regularly update an incident response plan to efficiently address and mitigate the impact of a cybersecurity incident.
• Employee Training and Awareness: Educate staff on cybersecurity best practices, including recognizing phishing attempts and understanding the importance of data protection. 

Employee HIPAA Training with 360training 

We hope these measures can significantly improve your healthcare organization’s ability to protect patient data and maintain the integrity of its digital infrastructure. 
To be on top of safety and security, stay HIPAA-compliant with 360training’s comprehensive, online HIPAA courses. We offer training programs for healthcare workers, business associates, medical office staff, and dental offices. Do your part in protecting patient data, and enroll today.