Healthcare needs to start worrying about its IT vulnerability

Organisations in healthcare really need to start worrying about the vulnerability and security of their IT systems, their patient and other data, and their connected medical equipment. Earlier in September, Intel Security released a report stating that ransomware is beginning to have a real impact on the health sector. Now security supplier Gemalto reports in its Data Breach Index that the health sector suffered over a quarter of all reported data breaches worldwide. And this percentage is growing.

First some general data on the Gemalto report. Data breaches increased 15 percent in the first six months of 2016 compared to the last six months of 2015, the report states. Worldwide, there were 974 reported data breaches and more than 554 million compromised data records in H1, compared to 844 data breaches and 424 million compromised data records in the previous six months.

52 percent of the data breaches in the first half did not disclose the number of compromised records at the time they were reported, so the number of compromised data records could be significantly higher. Over 4.8 billion data records have been exposed since 2013, when a Gemalto index began benchmarking publicly disclosed data breaches.

Identity theft has now been the number one type of data breach since 2013, when the Breach Level Index first began tracking these incidents. And it continues to represent a growing number of the total breaches. Comparing H1 2016 to the same period last year, identity theft breaches have increased in prevalence by 38%. Identity theft accounted for 64% of all data breaches in H1 2016 – that’s a total of 621 incidents and theft of more than 294 million data records (53% of all records lost/stolen).

Malicious outsiders were the leading source of data breaches, accounting for 69 percent of breaches, up from 56 percent in the previous six months. In terms of the top three geographic regions for reported data breaches, 79 percent were in North America, 9 percent were in Europe, and 8 percent were in Asia-Pacific.

Closer look at health care

Now let's take a closer look at the health care sector. While Government took home the un-coveted trophy for most data records lost/stolen, Gemalto writes in a blog, the healthcare industry experienced the most data breaches overall in H1 2016 – 263 incidents, which adds up to 27% of all breach incidents. While the government sector lost the most data per breach, healthcare organizations experienced the most breaches, but accounted for only 5% of total data records compromised (30,017,528).

Why would healthcare account for the majority of breaches, but not the number of data records stolen? Gemalto isn’t really sure. A theory – and it is just that at this point – is that the many healthcare organizations being breached possess relatively smaller amounts of information per database for hackers to steal.

Whereas we saw 150 million records compromised due to a single breach of a U.S. voter database, the top healthcare data breach in H1 2016 – in terms of records stolen – accounted for the loss of “only” 10 million records. That particular incident involved a member of the hacktivist group Anonymous breaching the servers of Turkish hospitals and stealing patients’ medical data as well as staff records in retaliation for cyberattacks on U.S. hospitals believed to be perpetrated by Turkish hackers.

While tens of millions of compromised records is certainly better than hundreds of millions, no organization or industry wants to endure either. It’s also important to note that the 263 healthcare breaches in H1 2016 already equals 70% of the total healthcare breaches that occurred in all of 2015 – meaning the industry is currently on track to experience more breaches year-over-year. Not a good sign.

Ransomware, a growing impact

Earlier in September Intel Security released another report stating the health sector has become an attractive segment for hackers. Ransomware is a growing threat to the healthcare industry, according to the latest McAfee Labs Cyber Threat report. Following a rash of targeted ransomware attacks upon hospitals in early 2016, Intel Security investigated the attacks, the ransomware networks behind them, and the payment structures enabling cybercriminals to monetize their malicious activity.

The researchers identified nearly $100,000 in payments from hospital ransomware victims to specific bitcoin accounts. While healthcare is still clearly a small proportion of the overall ransomware ‘business,’ McAfee Labs expects a growing number of new industry sectors to be targeted by the extensive networks launching such attacks.

The research team attributes the increased focus on hospitals to such organizations’ reliance on legacy IT systems, medical devices with weak or no security, third-party services that may be common across multiple organizations and the need for hospitals to have immediate access to information to deliver the best possible patient care.

“As targets, hospitals represent an attractive combination of relatively weak data security, complex environments and the urgent need for access to data sources, sometimes in life or death situations,” said Vincent Weafer, vice president for Intel Security’s McAfee Labs. “The new revelations around the scale of ransomware networks and the emerging focus on hospitals remind us that the cybercrime economy has the capacity and motivation to exploit new industry sectors.”

