Healthcare industry continues to be top target for cybercriminals
In today's digital world, criminal activity is a constant threat. Cybercriminals only need to gather a few minor details to hack email or company accounts. If successful, they can use this information to break into bank accounts, impersonate employees, and sell both commercial and personal data.
There are ways to protect a company’s digital presence, but hackers evolve new ways to break through these measures. While hacking personal platforms is common, cybercriminals reap greater rewards by targeting large organizations with high financial value or ones that store masses of personal data. For the latter, there is one industry that hackers target the most often: healthcare.
Why is healthcare a major target for cybercriminals?
Historically, the healthcare industry has faced some of the most severe cyber-attacks. Because healthcare organizations handle vast amounts of sensitive patient data, they're a top target.
Hackers often gain sensitive information by hacking into electronic medical record (EMR) systems, which store patient information and make up 8% of all hacking breaches. The problem lies in how multiple healthcare facilities use the same EMR vendors. If someone can successfully hack one system, they're not just obtaining one facility's records, but several.
The healthcare industry is a thinly-stretched, around-the-clock sector requiring an army of professionals to keep it running. With so much time and resources dedicated to patient care and a reluctance to disturb daily working practices, updating software and technologies is often pushed down the priority list. Of course, this leaves the healthcare industry trailing behind security trends, making it an easier target.
The number of breaches shot up at the start of the pandemic when the healthcare industry shifted its focus elsewhere. Breach cases reached a record high of 393 in the second half of 2020. While that figure fell to 324 breaches in the first half of 2022, the number is still much higher than before the COVID-19 pandemic. Things might be looking better than they were two years ago, but it’s still essential for healthcare to implement more robust security defenses.
The biggest medical breaches
There have been many medical data breaches over the years, with the most significant hitting Anthem Inc., now recognized as Elevance Health. A major phishing attack hit the health insurance provider in 2015. During the intrusion, hackers obtained a range of customer details, including:
- Dates of birth
- Home addresses
- Social security numbers
- Employment information
- Personal email addresses
- Anthem health ID numbers
The data breach affected 78.8 million people, and the financial impact of the cyber attack on Anthem was disastrous:
- $2.5 million in consultation costs
- $115 million for improved security
- $31 million to notify the public and those affected
- $112 million credit protection for affected individuals
Anthem incurred a total financial loss of $260 million, more than any other US healthcare company.
Who are the primary victims of healthcare-based cyber attacks?
Interestingly, the pattern of cyber attacks in healthcare has seen a shift. Instead of putting hacking efforts into large healthcare facilities, criminals are looking to smaller organizations with the assumption of weaker defenses.
Eye Care Leaders specializes in providing ophthalmology-specific EMR systems to more than 9,000 physicians across the country. The company experienced a mega-breach in December 2021, which exposed more than 2 million records. Shields Health Care Group, an imaging provider, faced similar numbers in March 2022. While it is understood the breach was handled quickly and efficiently, the impact could have affected 56 facilities.
When discussing who the primary cyber attack healthcare victims are, it’s helpful to consider the three main categories within the industry:
- Healthcare providers
- Healthcare plans
- Business associates
Out of the three entities, healthcare providers make up the most significant number of breaches year-on-year. Healthcare plans have historically followed closely behind but were surpassed in early 2022 by business associates, which includes EMR providers. With the number of breaches faced by business associates rising from 10.3% in 2019 to 14.5% in 2022, they are now the second-most breached entity.
However, it’s not just down to the number of breaches each entity faces, but the individuals affected per case. Healthcare providers experience more cyber security breaches, affecting an estimated 59,000 records every time. Business associates don’t experience as many breaches, but each breach affects 97,000 records. Ultimately, while smaller healthcare facilities are the primary target for cyber attacks in healthcare, many individuals whose details are breached are viewed as the primary victims.
Which state faces the most cyber attacks?
According to the most recently published FBI Internet Crime Report, the US faced an uncommonly high increase in criminal cyber activity in 2021. The Internet Crime Complaint Center (IC3) received 847,376 complaints of cyber-related criminal activity, amounting to a total financial loss of $6.9 billion. Over 51,000 of those complaints were related to personal data breaches.
Interestingly, some US states face more attacks year-on-year than others. However, a higher number of personal victims in a state doesn't always equate to a higher overall financial loss.
In 2021, California had more victims than any other state, ending with 67,095 complaints. That number is significantly higher than other states, so it makes sense that its financial loss was correspondingly high ($1.2 billion).
Florida came in second place for the total number of 2021 victims. However, while Texas and New York had fewer victims, they surpassed Florida in terms of the total financial loss per state.
|State||Total victims (2021)||Financial loss (2021)|
How to prevent cyber attacks in healthcare
All entities within the healthcare industry must consistently keep up with and implement measures to prevent a medical data breach.
As well as having a responsibility to provide physical patient care, the healthcare industry is legally required to protect its patient and organizational data from potential cyber-attacks under the US Health Insurance Portability and Accountability Act (HIPAA). This act is regulated by the Department of Health and Human Services (HHS) and applies to any facility that handles protected health information (PHI).
HIPAA guidelines for healthcare professionals require every facility to implement effective and up-to-date technologies that can secure patient data and avoid an attempted medical breach.
RudderStack is a customer data platform with a focus on privacy and security to provide clients with robust data pipelines to collect and leverage their data with complete control.
The business earned HIPAA-compliant status in 2022 and is recognized for using advanced technologies to protect data from criminal activity. Since becoming HIPAA compliant, RudderStack has helped healthcare companies like Accrux protect their patient data with modern and effective customer data security tools.