Email Security

    Healthcare Cyber Threats: A Code Blue Emergency

    The healthcare industry is struggling to keep pace with an epidemic of cyber threats

    by Elliot Kass

    Key Points

    • Healthcare organizations are among the most targeted by cybercriminals because they collect so much high-value data.
    • Three out of four healthcare respondents say it’s likely that their organization will be damaged by an email-borne attack.
    • Efforts to counter this onslaught are lagging, although some steps are being taken to improve cyber preparedness.

    A High-Profile Target

    Healthcare organizations are among the most targeted by cybercriminals due to the vast troves of high-value data they collect. Compared to stolen credit card numbers, pilfered health records can sell for 10 times or more on the dark web. That’s because, in addition to credit card and bank account numbers, these records often include protected health information (PHI), Social Security numbers, and other personally identifiable information (PII), which can be used for blackmail and identity theft. Other files containing proprietary medical research are also coveted by thieves, who then sell it on the black market. 

    The industry, moreover, generates a staggering amount of data. A single hospital can produce as much as 50 petabytes per year, an incredibly large volume of information to store and protect1.

    As a result, the cost of a data breach is higher for the healthcare sector than for any other industry. The average cost for a healthcare industry intrusion was more than twice than the overall average at $10.93 million — an amount that has risen 53.3% over the past three years. It also takes longer for the healthcare sector to detect a breach — 231 days on average, compared to 204 days for all other industries combined. 

    According to Ibid, Phishing emails were the most common source of attack, accounting for 16% of the incidents that took place among healthcare providers. But ransomware is also a major threat to the industry.

    Lack of Preparedness

    The consequences of these attacks are compounded by the healthcare industry’s lack of cyber vigilance. The sector also spends less on cybersecurity than other industries. The silver lining here is that the healthcare CISOs and other IT execs interviewed recognize that this is a problem: When asked how much of their organization’s IT budget should be allocated to data security, well over half said that the amount ought to be increased by an average of 12%.

    In the U.S., at least, the government is also stepping in to help the sector improve its security posture. In 2023, the U.S. Department of Health and Human Services Cybersecurity Taskforce launched a free program to provide resources and training to help counter the onslaught of cyberthreats the industry faces2.

    The Bottom Line

    Cyberattacks against healthcare institutions continue to proliferate, even as the consequences of such attacks grow more dire. The industry, meanwhile, is struggling to keep pace with this scourge, although some efforts are underway to bolster the sector’s cyber resiliency. Learn more about how healthcare companies can benefit from partnering with Mimecast. 


     

    1 “4 ways data is improving healthcare,” World Economic Forum

    2 “HHS Cybersecurity Task Force Provides New Resources to Help Address Rising Threat of Cyberattacks in Health and Public Health Sector,” U.S. Department of Health and Human Services 

     

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Haut de la page